CVE-2024-39865: A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application allows users to upload...
Description
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application allows users to upload encrypted backup files. As part of this backup, files can be restored without correctly checking the path of the restored file. This could allow an attacker with access to the backup encryption key to upload malicious files, that could potentially lead to remote code execution.
Classification
CVE ID: CVE-2024-39865
CVSS Base Severity: HIGH
CVSS Base Score: 8.8
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Problem Types
CWE-434: Unrestricted Upload of File with Dangerous TypeAffected Products
Vendor: Siemens
Product: SINEMA Remote Connect Server
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.95% (probability of being exploited)
EPSS Percentile: 75.12% (scored less or equal to compared to others)
EPSS Date: 2025-05-12 (when was this score calculated)
Stakeholder-Specific Vulnerability Categorization (SSVC)
SSVC Exploitation: none
SSVC Technical Impact: manipulation
SSVC Automatable: true
References
https://nvd.nist.gov/vuln/detail/CVE-2024-39865https://cert-portal.siemens.com/productcert/html/ssa-381581.html