Information Disclosure Vulnerability in SINEMA Remote Connect Server by Siemens
CVE-2024-39875

4.3MEDIUM

Key Information:

Vendor: Siemens
Status: Sinema Remote Connect Server
Vendor: CVE Published:; 9 July 2024

Summary

An information disclosure vulnerability has been identified in SINEMA Remote Connect Server, affecting all versions prior to V3.2 SP1. This vulnerability allows authenticated users with low privileges who possess the 'Manage own remote connections' permission to access sensitive information, including details about other users and their group memberships. This may lead to unauthorized visibility of user data, posing potential risks to user privacy and security.

References

https://cert-portal.siemens.com/productcert/html/ssa-3815...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 9, 2024