CVE-2024-39569: A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1). The system service of affected applications is...
Description
A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1). The system service of affected applications is vulnerable to command injection due to missing server side input sanitation when loading VPN configurations. This could allow an administrative remote attacker running a corresponding SINEMA Remote Connect Server to execute arbitrary code with system privileges on the client system.
Classification
CVE ID: CVE-2024-39569
CVSS Base Severity: MEDIUM
CVSS Base Score: 6.6
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Problem Types
CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')Affected Products
Vendor: Siemens
Product: SINEMA Remote Connect Client
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.66% (probability of being exploited)
EPSS Percentile: 69.88% (scored less or equal to compared to others)
EPSS Date: 2025-05-30 (when was this score calculated)
Stakeholder-Specific Vulnerability Categorization (SSVC)
SSVC Exploitation: none
SSVC Technical Impact:
SSVC Automatable: false
References
https://nvd.nist.gov/vuln/detail/CVE-2024-39569https://cert-portal.siemens.com/productcert/html/ssa-868282.html