ID

VAR-202407-0145


CVE

CVE-2024-39869


TITLE

Siemens' SINEMA Remote Connect Server Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2024-007645

DESCRIPTION

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected products allow certificates to be uploaded. An authenticated attacker could upload a crafted certificate, leading to a permanent denial-of-service situation. In order to recover from such an attack, the offending certificate needs to be removed manually. The platform is mainly used for remote access, maintenance, control and diagnosis of the underlying network. Siemens SINEMA Remote Connect Server has an improper exception or abnormal condition check vulnerability, which attackers can exploit by uploading carefully crafted certificates, resulting in a permanent denial of service.

Trust: 2.16

sources: NVD: CVE-2024-39869 // JVNDB: JVNDB-2024-007645 // CNVD: CNVD-2024-31229

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-31229

AFFECTED PRODUCTS

vendor: siemens, model: sinema remote connect server, scope: lt, version: 3.2

Trust: 1.0

vendor: siemens, model: sinema remote connect server, scope: eq, version: 3.2

Trust: 1.0

vendor: シーメンス, model: sinema remote connect server, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: sinema remote connect server, scope: eq, version: -

Trust: 0.8

vendor: シーメンス, model: sinema remote connect server, scope: eq, version: 3.2

Trust: 0.8

vendor: siemens, model: sinema remote connect server sp1, scope: lt, version: v3.2

Trust: 0.6

sources: CNVD: CNVD-2024-31229 // JVNDB: JVNDB-2024-007645 // NVD: CVE-2024-39869

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2024-39869
value: MEDIUM

Trust: 1.0

productcert@siemens.com: CVE-2024-39869
value: HIGH

Trust: 1.0

NVD: CVE-2024-39869
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2024-31229
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2024-31229
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2024-39869
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: CVE-2024-39869
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2024-31229 // JVNDB: JVNDB-2024-007645 // NVD: CVE-2024-39869 // NVD: CVE-2024-39869

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-754

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2024-007645 // NVD: CVE-2024-39869

PATCH

title: Patch for Siemens SINEMA Remote Connect Server Improper Exception or Abnormal Condition Check Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/567776

Trust: 0.6

sources: CNVD: CNVD-2024-31229

EXTERNAL IDS

db: NVD, id: CVE-2024-39869

Trust: 3.2

db: SIEMENS, id: SSA-381581

Trust: 2.4

db: ICS CERT, id: ICSA-24-193-01

Trust: 0.8

db: JVN, id: JVNVU99298639

Trust: 0.8

db: JVNDB, id: JVNDB-2024-007645

Trust: 0.8

db: CNVD, id: CNVD-2024-31229

Trust: 0.6

sources: CNVD: CNVD-2024-31229 // JVNDB: JVNDB-2024-007645 // NVD: CVE-2024-39869

REFERENCES

url:https://cert-portal.siemens.com/productcert/html/ssa-381581.html

Trust: 2.4

url:https://jvn.jp/vu/jvnvu99298639/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-39869

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-24-193-01

Trust: 0.8

sources: CNVD: CNVD-2024-31229 // JVNDB: JVNDB-2024-007645 // NVD: CVE-2024-39869

SOURCES

db: CNVD, id: CNVD-2024-31229
db: JVNDB, id: JVNDB-2024-007645
db: NVD, id: CVE-2024-39869

LAST UPDATE DATE

2024-09-11T20:57:14.254000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2024-31229, date: 2024-07-10T00:00:00
db: JVNDB, id: JVNDB-2024-007645, date: 2024-09-10T00:49:00
db: NVD, id: CVE-2024-39869, date: 2024-09-09T15:20:59.443

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2024-31229, date: 2024-07-12T00:00:00
db: JVNDB, id: JVNDB-2024-007645, date: 2024-09-10T00:00:00
db: NVD, id: CVE-2024-39869, date: 2024-07-09T12:15:18.377