Information Disclosure Vulnerability in SINEMA Remote Connect Server by Siemens
CVE-2024-39875

5.3MEDIUM

Key Information:

Vendor: Siemens
Status: Sinema Remote Connect Server
Vendor: CVE Published:; 9 July 2024

What is CVE-2024-39875?

An information disclosure vulnerability has been identified in SINEMA Remote Connect Server, affecting all versions prior to V3.2 SP1. This vulnerability allows authenticated users with low privileges who possess the 'Manage own remote connections' permission to access sensitive information, including details about other users and their group memberships. This may lead to unauthorized visibility of user data, posing potential risks to user privacy and security.

Affected Version(s)

SINEMA Remote Connect Server 0

References

https://cert-portal.siemens.com/productcert/html/ssa-3815...

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 9, 2024