CVE-2024-39874: A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application does not properly implement...

7.5 CVSS

Description

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application does not properly implement brute force protection against user credentials in its Client Communication component. This could allow an attacker to learn user credentials that are vulnerable to brute force attacks.

Classification

CVE ID: CVE-2024-39874

CVSS Base Severity: HIGH

CVSS Base Score: 7.5

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Problem Types

CWE-307: Improper Restriction of Excessive Authentication Attempts

Affected Products

Vendor: Siemens

Product: SINEMA Remote Connect Server

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.15% (probability of being exploited)

EPSS Percentile: 37.01% (scored less or equal to compared to others)

EPSS Date: 2025-05-12 (when was this score calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: egress

SSVC Automatable: true

References

https://nvd.nist.gov/vuln/detail/CVE-2024-39874
https://cert-portal.siemens.com/productcert/html/ssa-381581.html

Timeline

2025-05-01 17:42:55 UTC
CVE

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application does not properly implement...