CVE-2024-39866: A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application allows users to upload...

8.8 CVSS

Description

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application allows users to upload encrypted backup files. This could allow an attacker with access to the backup encryption key and with the right to upload backup files to create a user with administrative privileges.

Classification

CVE ID: CVE-2024-39866

CVSS Base Severity: HIGH

CVSS Base Score: 8.8

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem Types

CWE-267: Privilege Defined With Unsafe Actions

Affected Products

Vendor: Siemens

Product: SINEMA Remote Connect Server

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.11% (probability of being exploited)

EPSS Percentile: 31.19% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-05-12 (date this score was calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: egress

SSVC Automatable: true

References

https://nvd.nist.gov/vuln/detail/CVE-2024-39866
https://cert-portal.siemens.com/productcert/html/ssa-381581.html

Timeline