ID

VAR-202407-0144


CVE

CVE-2024-39872


TITLE

Vulnerability in Siemens' SINEMA Remote Connect Server

Trust: 0.8

sources: JVNDB: JVNDB-2024-007671

DESCRIPTION

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application does not properly assign rights to temporary files created during its update process. This could allow an authenticated attacker with the 'Manage firmware updates' role to escalate their privileges on the underlying OS level. Siemens' SINEMA Remote Connect Server contains an unspecified vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). The platform is mainly used for remote access, maintenance, control and diagnosis of underlying networks. Attackers can exploit this vulnerability to escalate their permissions at the underlying operating system level.

Trust: 2.16

sources: NVD: CVE-2024-39872 // JVNDB: JVNDB-2024-007671 // CNVD: CNVD-2024-31249

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-31249

AFFECTED PRODUCTS

vendor: siemens, model: sinema remote connect server, scope: lt, version: 3.2

Trust: 1.0

vendor: siemens, model: sinema remote connect server, scope: eq, version: 3.2

Trust: 1.0

vendor: シーメンス, model: sinema remote connect server, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: sinema remote connect server, scope: eq, version: -

Trust: 0.8

vendor: シーメンス, model: sinema remote connect server, scope: eq, version: 3.2

Trust: 0.8

vendor: siemens, model: sinema remote connect server sp1, scope: lt, version: v3.2

Trust: 0.6

sources: CNVD: CNVD-2024-31249 // JVNDB: JVNDB-2024-007671 // NVD: CVE-2024-39872

CVSS

SEVERITY

nvd@nist.gov: CVE-2024-39872
value: CRITICAL

Trust: 1.0

productcert@siemens.com: CVE-2024-39872
value: CRITICAL

Trust: 1.0

NVD: CVE-2024-39872
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2024-31249
value: HIGH

Trust: 0.6

CVSSV2

CNVD: CNVD-2024-31249
severity: HIGH
baseScore: 8.5
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2024-39872
baseSeverity: CRITICAL
baseScore: 9.9
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.1
impactScore: 6.0
version: 3.1

Trust: 1.0

productcert@siemens.com: CVE-2024-39872
baseSeverity: CRITICAL
baseScore: 9.6
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.1
impactScore: 5.8
version: 3.1

Trust: 1.0

NVD: CVE-2024-39872
baseSeverity: CRITICAL
baseScore: 9.9
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2024-31249 // JVNDB: JVNDB-2024-007671 // NVD: CVE-2024-39872 // NVD: CVE-2024-39872

PROBLEMTYPE DATA

problemtype: CWE-378

Trust: 1.0

problemtype: NVD-CWE-Other

Trust: 1.0

problemtype: others (CWE-Other) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2024-007671 // NVD: CVE-2024-39872

PATCH

title: Patch for Siemens SINEMA Remote Connect Server has an unspecified vulnerability (CNVD-2024-31249)
url: https://www.cnvd.org.cn/patchInfo/show/567781

Trust: 0.6

sources: CNVD: CNVD-2024-31249

EXTERNAL IDS

db: NVD, id: CVE-2024-39872

Trust: 3.2

db: SIEMENS, id: SSA-381581

Trust: 2.4

db: ICS CERT, id: ICSA-24-193-01

Trust: 0.8

db: JVN, id: JVNVU99298639

Trust: 0.8

db: JVNDB, id: JVNDB-2024-007671

Trust: 0.8

db: CNVD, id: CNVD-2024-31249

Trust: 0.6

sources: CNVD: CNVD-2024-31249 // JVNDB: JVNDB-2024-007671 // NVD: CVE-2024-39872

REFERENCES

url: https://cert-portal.siemens.com/productcert/html/ssa-381581.html

Trust: 2.4

url: https://jvn.jp/vu/jvnvu99298639/

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2024-39872

Trust: 0.8

url: https://www.cisa.gov/news-events/ics-advisories/icsa-24-193-01

Trust: 0.8

sources: CNVD: CNVD-2024-31249 // JVNDB: JVNDB-2024-007671 // NVD: CVE-2024-39872

SOURCES

db: CNVD, id: CNVD-2024-31249
db: JVNDB, id: JVNDB-2024-007671
db: NVD, id: CVE-2024-39872

LAST UPDATE DATE

2024-09-11T19:28:29.032000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2024-31249, date: 2024-07-10T00:00:00
db: JVNDB, id: JVNDB-2024-007671, date: 2024-09-10T03:01:00
db: NVD, id: CVE-2024-39872, date: 2024-09-09T15:24:26.130

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2024-31249, date: 2024-07-11T00:00:00
db: JVNDB, id: JVNDB-2024-007671, date: 2024-09-10T00:00:00
db: NVD, id: CVE-2024-39872, date: 2024-07-09T12:15:19.070