PT-2024-5082 · Siemens · Sinema Remote Connect Client
Published
2024-07-09
·
Updated
2024-07-09
·
CVE-2024-39567
CVSS v4.0
8.5
High
| Vector | AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions:
SINEMA Remote Connect Client versions prior to V3.2 HF1
Description:
A vulnerability has been identified in the system service of affected applications, which is vulnerable to command injection due to missing server-side input sanitation when loading VPN configurations. This could allow an authenticated local attacker to execute arbitrary code with system privileges.
Recommendations:
For versions prior to V3.2 HF1, update to version V3.2 HF1 or later to resolve the issue. As a temporary workaround, consider restricting access to the system service to minimize the risk of exploitation. Avoid using the vulnerable system service until the issue is resolved.
Fix
Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sinema Remote Connect Client