CVE-2024-39871: A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected applications do not properly separate the...

6.3 CVSS

Description

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected applications do not properly separate the rights to edit device settings and to edit settings for communication relations. This could allow an authenticated attacker with the permission to manage devices to gain access to participant groups that the attacker does not belong to.

Classification

CVE ID: CVE-2024-39871

CVSS Base Severity: MEDIUM

CVSS Base Score: 6.3

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Problem Types

CWE-863: Incorrect Authorization

Affected Products

Vendor: Siemens

Product: SINEMA Remote Connect Server

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.09% (probability of being exploited)

EPSS Percentile: 27.6% (share of scored vulnerabilities with an equal or lower score)

EPSS Date: 2025-05-30 (when this score was calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: egress

SSVC Automatable: true

References

https://nvd.nist.gov/vuln/detail/CVE-2024-39871
https://cert-portal.siemens.com/productcert/html/ssa-381581.html

Timeline