Details of VAR-202407-0137

ID

VAR-202407-0137

CVE

CVE-2024-39866

TITLE

Siemens' SINEMA Remote Connect Server Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2024-007684

DESCRIPTION

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application allows users to upload encrypted backup files. This could allow an attacker with access to the backup encryption key and with the right to upload backup files to create a user with administrative privileges. Siemens' SINEMA Remote Connect Server Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. The platform is mainly used for remote access, maintenance, control and diagnosis of the underlying network

Trust: 2.16

sources: NVD: CVE-2024-39866 // JVNDB: JVNDB-2024-007684 // CNVD: CNVD-2024-31232

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2024-31232

AFFECTED PRODUCTS

vendor:	siemens	model:	sinema remote connect server	scope:	lt	version:	3.2	Trust: 1.0
vendor:	siemens	model:	sinema remote connect server	scope:	eq	version:	3.2	Trust: 1.0
vendor:	シーメンス	model:	sinema remote connect server	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	sinema remote connect server	scope:	eq	version:	-	Trust: 0.8
vendor:	シーメンス	model:	sinema remote connect server	scope:	eq	version:	3.2	Trust: 0.8
vendor:	siemens	model:	sinema remote connect server sp1	scope:	lt	version:	v3.2	Trust: 0.6

sources: CNVD: CNVD-2024-31232 // JVNDB: JVNDB-2024-007684 // NVD: CVE-2024-39866

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2024-39866
value:	HIGH
Trust: 1.0
productcert@siemens.com:	CVE-2024-39866
value:	HIGH
Trust: 1.0
NVD:	CVE-2024-39866
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2024-31232
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2024-31232
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2024-39866
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 2.0
NVD:	CVE-2024-39866
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2024-31232 // JVNDB: JVNDB-2024-007684 // NVD: CVE-2024-39866 // NVD: CVE-2024-39866

PROBLEMTYPE DATA

problemtype:	CWE-267	Trust: 1.0
problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-007684 // NVD: CVE-2024-39866

PATCH

title:

Patch for Siemens SINEMA Remote Connect Server uses unsafe operation definition permissions vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/567756

Trust: 0.6

sources: CNVD: CNVD-2024-31232

EXTERNAL IDS

db:	NVD	id:	CVE-2024-39866	Trust: 3.2
db:	SIEMENS	id:	SSA-381581	Trust: 2.4
db:	ICS CERT	id:	ICSA-24-193-01	Trust: 0.8
db:	JVN	id:	JVNVU99298639	Trust: 0.8
db:	JVNDB	id:	JVNDB-2024-007684	Trust: 0.8
db:	CNVD	id:	CNVD-2024-31232	Trust: 0.6

sources: CNVD: CNVD-2024-31232 // JVNDB: JVNDB-2024-007684 // NVD: CVE-2024-39866

REFERENCES

url:	https://cert-portal.siemens.com/productcert/html/ssa-381581.html	Trust: 2.4
url:	https://jvn.jp/vu/jvnvu99298639/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2024-39866	Trust: 0.8
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-24-193-01	Trust: 0.8

sources: CNVD: CNVD-2024-31232 // JVNDB: JVNDB-2024-007684 // NVD: CVE-2024-39866

SOURCES

db:	CNVD	id:	CNVD-2024-31232
db:	JVNDB	id:	JVNDB-2024-007684
db:	NVD	id:	CVE-2024-39866

LAST UPDATE DATE

2024-09-11T21:59:09.716000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2024-31232	date:	2024-07-10T00:00:00
db:	JVNDB	id:	JVNDB-2024-007684	date:	2024-09-10T03:26:00
db:	NVD	id:	CVE-2024-39866	date:	2024-09-09T15:18:08.287

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2024-31232	date:	2024-07-10T00:00:00
db:	JVNDB	id:	JVNDB-2024-007684	date:	2024-09-10T00:00:00
db:	NVD	id:	CVE-2024-39866	date:	2024-07-09T12:15:17.683