ID

VAR-202407-0146


CVE

CVE-2024-39870


TITLE

Siemens SINEMA Remote Connect Server has an unspecified vulnerability

Trust: 0.6

sources: CNVD: CNVD-2024-31251

DESCRIPTION

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected applications can be configured to allow users to manage their own users. A local authenticated user with this privilege could use this to modify users outside of their own scope as well as to escalate privileges. The platform is mainly used for remote access, maintenance, control and diagnosis of underlying networks.

Trust: 1.44

sources: NVD: CVE-2024-39870 // CNVD: CNVD-2024-31251

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-31251

AFFECTED PRODUCTS

vendor: siemens, model: sinema remote connect server sp1, scope: lt, version: v3.2

Trust: 0.6

sources: CNVD: CNVD-2024-31251

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com: CVE-2024-39870
value: HIGH

Trust: 1.0

CNVD: CNVD-2024-31251
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2024-31251
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

productcert@siemens.com: CVE-2024-39870
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 3.4
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2024-31251 // NVD: CVE-2024-39870

PROBLEMTYPE DATA

problemtype: CWE-602

Trust: 1.0

sources: NVD: CVE-2024-39870

PATCH

title: Patch for Siemens SINEMA Remote Connect Server has an unspecified vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/567791

Trust: 0.6

sources: CNVD: CNVD-2024-31251

EXTERNAL IDS

db: NVD, id: CVE-2024-39870

Trust: 1.6

db: SIEMENS, id: SSA-381581

Trust: 1.6

db: CNVD, id: CNVD-2024-31251

Trust: 0.6

sources: CNVD: CNVD-2024-31251 // NVD: CVE-2024-39870

REFERENCES

url: https://cert-portal.siemens.com/productcert/html/ssa-381581.html

Trust: 1.6

sources: CNVD: CNVD-2024-31251 // NVD: CVE-2024-39870

SOURCES

db: CNVD, id: CNVD-2024-31251
db: NVD, id: CVE-2024-39870

LAST UPDATE DATE

2024-08-14T12:38:52.787000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2024-31251, date: 2024-07-10T00:00:00
db: NVD, id: CVE-2024-39870, date: 2024-07-09T18:19:14.047

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2024-31251, date: 2024-07-11T00:00:00
db: NVD, id: CVE-2024-39870, date: 2024-07-09T12:15:18.603