Vulnerabilities > CVE-2024-39569 - Unspecified vulnerability in Siemens Sinema Remote Connect Client

CVSS 7.2 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

siemens

NVD

Published: 2024-07-09

Updated: 2024-11-21

Summary

A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1). The system service of affected applications is vulnerable to command injection due to missing server side input sanitation when loading VPN configurations. This could allow an administrative remote attacker running a corresponding SINEMA Remote Connect Server to execute arbitrary code with system privileges on the client system.

Vulnerable Configurations

Part	Description	Count
Application	Siemens Siemens Sinema Remote Connect Client - Siemens Sinema Remote Connect Client 1.0 Siemens Sinema Remote Connect Client 1.3 Siemens Sinema Remote Connect Client 2.0 Siemens Sinema Remote Connect Client 3.1 Siemens Sinema Remote Connect Client 3.2	8

Summary

Vulnerable Configurations

References