CVE-2024-39571: A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 HF1). Affected applications are vulnerable to command...
Description
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 HF1). Affected applications are vulnerable to command injection due to missing server side input sanitation when loading SNMP configurations. This could allow an attacker with the right to modify the SNMP configuration to execute arbitrary code with root privileges.
Classification
CVE ID: CVE-2024-39571
CVSS Base Severity: HIGH
CVSS Base Score: 8.8
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Problem Types
CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')Affected Products
Vendor: Siemens
Product: SINEMA Remote Connect Server
Exploit Prediction Scoring System (EPSS)
EPSS Score: 1.6% (probability of being exploited)
EPSS Percentile: 80.77% (scored less or equal to compared to others)
EPSS Date: 2025-05-30 (when was this score calculated)
Stakeholder-Specific Vulnerability Categorization (SSVC)
SSVC Exploitation: none
SSVC Technical Impact:
SSVC Automatable: false
References
https://nvd.nist.gov/vuln/detail/CVE-2024-39571https://cert-portal.siemens.com/productcert/html/ssa-928781.html