ID
VAR-202407-0145
CVE
CVE-2024-39869
TITLE
Siemens' SINEMA Remote Connect Server Vulnerability in
Trust: 0.8
DESCRIPTION
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected products allow to upload certificates. An authenticated attacker could upload a crafted certificates leading to a permanent denial-of-service situation. In order to recover from such an attack, the offending certificate needs to be removed manually. The platform is mainly used for remote access, maintenance, control and diagnosis of the underlying network. Siemens SINEMA Remote Connect Server has an abnormal or improper abnormal situation check vulnerability, which can be exploited by attackers to upload carefully crafted certificates, resulting in permanent denial of service
Trust: 2.16
IOT TAXONOMY
| category: | ['ICS'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | siemens | model: | sinema remote connect server | scope: | lt | version: | 3.2 | Trust: 1.0 |
| vendor: | siemens | model: | sinema remote connect server | scope: | eq | version: | 3.2 | Trust: 1.0 |
| vendor: | シーメンス | model: | sinema remote connect server | scope: | - | version: | - | Trust: 0.8 |
| vendor: | シーメンス | model: | sinema remote connect server | scope: | eq | version: | - | Trust: 0.8 |
| vendor: | シーメンス | model: | sinema remote connect server | scope: | eq | version: | 3.2 | Trust: 0.8 |
| vendor: | siemens | model: | sinema remote connect server sp1 | scope: | lt | version: | v3.2 | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | NVD-CWE-noinfo | Trust: 1.0 |
| problemtype: | CWE-754 | Trust: 1.0 |
| problemtype: | Lack of information (CWE-noinfo) [NVD evaluation ] | Trust: 0.8 |
PATCH
| title: | Patch for Siemens SINEMA Remote Connect Server Improper Exception or Abnormal Condition Check Vulnerability | url: | https://www.cnvd.org.cn/patchInfo/show/567776 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2024-39869 | Trust: 3.2 |
| db: | SIEMENS | id: | SSA-381581 | Trust: 2.4 |
| db: | ICS CERT | id: | ICSA-24-193-01 | Trust: 0.8 |
| db: | JVN | id: | JVNVU99298639 | Trust: 0.8 |
| db: | JVNDB | id: | JVNDB-2024-007645 | Trust: 0.8 |
| db: | CNVD | id: | CNVD-2024-31229 | Trust: 0.6 |
REFERENCES
| url: | https://cert-portal.siemens.com/productcert/html/ssa-381581.html | Trust: 2.4 |
| url: | https://jvn.jp/vu/jvnvu99298639/ | Trust: 0.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2024-39869 | Trust: 0.8 |
| url: | https://www.cisa.gov/news-events/ics-advisories/icsa-24-193-01 | Trust: 0.8 |
SOURCES
| db: | CNVD | id: | CNVD-2024-31229 |
| db: | JVNDB | id: | JVNDB-2024-007645 |
| db: | NVD | id: | CVE-2024-39869 |
LAST UPDATE DATE
2024-09-11T20:57:14.254000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2024-31229 | date: | 2024-07-10T00:00:00 |
| db: | JVNDB | id: | JVNDB-2024-007645 | date: | 2024-09-10T00:49:00 |
| db: | NVD | id: | CVE-2024-39869 | date: | 2024-09-09T15:20:59.443 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2024-31229 | date: | 2024-07-12T00:00:00 |
| db: | JVNDB | id: | JVNDB-2024-007645 | date: | 2024-09-10T00:00:00 |
| db: | NVD | id: | CVE-2024-39869 | date: | 2024-07-09T12:15:18.377 |