CVE-2024-39867: A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected devices do not properly validate the...

7.6 CVSS

Description

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected devices do not properly validate the authentication when performing certain actions in the web interface, allowing an unauthenticated attacker to access and edit device configuration information of devices for which they have no privileges.

Classification

CVE ID: CVE-2024-39867

CVSS Base Severity: HIGH

CVSS Base Score: 7.6

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

Problem Types

CWE-425: Direct Request ('Forced Browsing')

Affected Products

Vendor: Siemens

Product: SINEMA Remote Connect Server

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.4% (probability of being exploited)

EPSS Percentile: 59.36% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-05-11 (date on which this score was calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: egress

SSVC Automatable: true

References

https://nvd.nist.gov/vuln/detail/CVE-2024-39867
https://cert-portal.siemens.com/productcert/html/ssa-381581.html

Timeline