Information Disclosure Vulnerability in SINEMA Remote Connect Server by Siemens
CVE-2024-39875

5.3MEDIUM

Key Information:

Vendor
Siemens
Status
Sinema Remote Connect Server
Vendor
CVE Published:
9 July 2024

Summary

An information disclosure vulnerability has been identified in SINEMA Remote Connect Server, affecting all versions prior to V3.2 SP1. This vulnerability allows authenticated users with low privileges who possess the 'Manage own remote connections' permission to access sensitive information, including details about other users and their group memberships. This may lead to unauthorized visibility of user data, posing potential risks to user privacy and security.

Affected Version(s)

SINEMA Remote Connect Server 0

References

https://cert-portal.siemens.com/productcert/html/ssa-3815...

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

.
CVE-2024-39875 : Information Disclosure Vulnerability in SINEMA Remote Connect Server by Siemens | SecurityVulnerability.io