Sign-up

ID

VAR-202407-0134


CVE

CVE-2024-39873


TITLE

Siemens'  SINEMA Remote Connect Server  Vulnerability in improperly limiting excessive authentication attempts in

Trust: 0.8

sources: JVNDB: JVNDB-2024-007661

DESCRIPTION

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application does not properly implement brute force protection against user credentials in its web API. This could allow an attacker to learn user credentials that are vulnerable to brute force attacks. The platform is mainly used for remote access, maintenance, control and diagnosis of underlying networks

Trust: 2.16

sources: NVD: CVE-2024-39873 // JVNDB: JVNDB-2024-007661 // CNVD: CNVD-2024-31248

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-31248

AFFECTED PRODUCTS

vendor:siemensmodel:sinema remote connect serverscope:ltversion:3.2

Trust: 1.0

vendor:siemensmodel:sinema remote connect serverscope:eqversion:3.2

Trust: 1.0

vendor:シーメンスmodel:sinema remote connect serverscope: - version: -

Trust: 0.8

vendor:シーメンスmodel:sinema remote connect serverscope:eqversion: -

Trust: 0.8

vendor:シーメンスmodel:sinema remote connect serverscope:eqversion:3.2

Trust: 0.8

vendor:siemensmodel:sinema remote connect server sp1scope:ltversion:v3.2

Trust: 0.6

sources: CNVD: CNVD-2024-31248 // JVNDB: JVNDB-2024-007661 // NVD: CVE-2024-39873

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2024-39873
value: HIGH

Trust: 1.0

productcert@siemens.com: CVE-2024-39873
value: HIGH

Trust: 1.0

NVD: CVE-2024-39873
value: HIGH

Trust: 0.8

CNVD: CNVD-2024-31248
value: HIGH

Trust: 0.6

CNVD: CNVD-2024-31248
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2024-39873
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: CVE-2024-39873
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2024-31248 // JVNDB: JVNDB-2024-007661 // NVD: CVE-2024-39873 // NVD: CVE-2024-39873

PROBLEMTYPE DATA

problemtype:CWE-307

Trust: 1.0

problemtype:Inappropriate limitation of excessive authentication attempts (CWE-307) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-007661 // NVD: CVE-2024-39873

PATCH

title:Patch for Siemens SINEMA Remote Connect Server has an unspecified vulnerability (CNVD-2024-31248)url:https://www.cnvd.org.cn/patchInfo/show/567766

Trust: 0.6

sources: CNVD: CNVD-2024-31248

EXTERNAL IDS

db:NVDid:CVE-2024-39873

Trust: 3.2

db:SIEMENSid:SSA-381581

Trust: 2.4

db:ICS CERTid:ICSA-24-193-01

Trust: 0.8

db:JVNid:JVNVU99298639

Trust: 0.8

db:JVNDBid:JVNDB-2024-007661

Trust: 0.8

db:CNVDid:CNVD-2024-31248

Trust: 0.6

sources: CNVD: CNVD-2024-31248 // JVNDB: JVNDB-2024-007661 // NVD: CVE-2024-39873

REFERENCES

url:https://cert-portal.siemens.com/productcert/html/ssa-381581.html

Trust: 2.4

url:https://jvn.jp/vu/jvnvu99298639/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-39873

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-24-193-01

Trust: 0.8

sources: CNVD: CNVD-2024-31248 // JVNDB: JVNDB-2024-007661 // NVD: CVE-2024-39873

SOURCES

db:CNVDid:CNVD-2024-31248
db:JVNDBid:JVNDB-2024-007661
db:NVDid:CVE-2024-39873

LAST UPDATE DATE

2024-09-11T20:34:21.579000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2024-31248date:2024-07-10T00:00:00
db:JVNDBid:JVNDB-2024-007661date:2024-09-10T01:30:00
db:NVDid:CVE-2024-39873date:2024-09-09T15:25:21.893

SOURCES RELEASE DATE

db:CNVDid:CNVD-2024-31248date:2024-07-11T00:00:00
db:JVNDBid:JVNDB-2024-007661date:2024-09-10T00:00:00
db:NVDid:CVE-2024-39873date:2024-07-09T12:15:19.317