CVE-2024-39869: A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected products allow to upload certificates. An...
Description
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected products allow to upload certificates. An authenticated attacker could upload a crafted certificates leading to a permanent denial-of-service situation. In order to recover from such an attack, the offending certificate needs to be removed manually.
Classification
CVE ID: CVE-2024-39869
CVSS Base Severity: MEDIUM
CVSS Base Score: 6.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products
Vendor: Siemens
Product: SINEMA Remote Connect Server
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.21% (probability of being exploited)
EPSS Percentile: 43.95% (scored less or equal to compared to others)
EPSS Date: 2025-05-30 (when was this score calculated)
Stakeholder-Specific Vulnerability Categorization (SSVC)
SSVC Exploitation: none
SSVC Technical Impact: loss
SSVC Automatable: true
References
https://nvd.nist.gov/vuln/detail/CVE-2024-39869https://cert-portal.siemens.com/productcert/html/ssa-381581.html