PT-2024-8748 · Siemens · Sinema Remote Connect Server

Published: 2024-07-09 · Updated: 2024-08-07 · CVE-2024-39876

CVSS v4.0: 5.3 (Medium)

Vector: AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions

SINEMA Remote Connect Server versions prior to V3.2 SP1

Description

The issue is related to improper handling of log rotation, which could allow an unauthenticated remote attacker to cause a denial of service condition through resource exhaustion on the device. This is due to the uncontrolled allocation of resources.

Recommendations

For versions prior to V3.2 SP1, update to version V3.2 SP1 or later to resolve the issue. As a temporary workaround, consider implementing proper log rotation and resource management to minimize the risk of exploitation. Restrict access to the device to minimize the risk of denial of service attacks until the issue is resolved.

Fix

Weakness Enumeration

Improper Restriction of Excessive Authentication Attempts

Allocation of Resources Without Limits

Related Identifiers

BDU:2024-10352
CVE-2024-39876

Affected Products

Sinema Remote Connect Server