Details of VAR-202407-0205

ID

VAR-202407-0205

CVE

CVE-2024-39570

TITLE

Siemens' SINEMA Remote Connect Server Command injection vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2024-007529

DESCRIPTION

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 HF1). Affected applications are vulnerable to command injection due to missing server side input sanitation when loading VxLAN configurations. This could allow an authenticated attacker to execute arbitrary code with root privileges. Siemens' SINEMA Remote Connect Server Contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2024-39570 // JVNDB: JVNDB-2024-007529

AFFECTED PRODUCTS

vendor:	siemens	model:	sinema remote connect server	scope:	lt	version:	3.2	Trust: 1.0
vendor:	siemens	model:	sinema remote connect server	scope:	eq	version:	3.2	Trust: 1.0
vendor:	シーメンス	model:	sinema remote connect server	scope:	eq	version:	3.2	Trust: 0.8
vendor:	シーメンス	model:	sinema remote connect server	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	sinema remote connect server	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2024-007529 // NVD: CVE-2024-39570

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2024-39570
value:	HIGH
Trust: 1.0
productcert@siemens.com:	CVE-2024-39570
value:	HIGH
Trust: 1.0
NVD:	CVE-2024-39570
value:	HIGH
Trust: 0.8

nvd@nist.gov:	CVE-2024-39570
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 2.0
NVD:	CVE-2024-39570
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2024-007529 // NVD: CVE-2024-39570 // NVD: CVE-2024-39570

PROBLEMTYPE DATA

problemtype:	CWE-77	Trust: 1.0
problemtype:	Command injection (CWE-77) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-007529 // NVD: CVE-2024-39570

EXTERNAL IDS

db:	NVD	id:	CVE-2024-39570	Trust: 2.6
db:	SIEMENS	id:	SSA-928781	Trust: 1.8
db:	ICS CERT	id:	ICSA-24-193-09	Trust: 0.8
db:	JVN	id:	JVNVU99298639	Trust: 0.8
db:	JVNDB	id:	JVNDB-2024-007529	Trust: 0.8

sources: JVNDB: JVNDB-2024-007529 // NVD: CVE-2024-39570

REFERENCES

url:	https://cert-portal.siemens.com/productcert/html/ssa-928781.html	Trust: 1.8
url:	https://jvn.jp/vu/jvnvu99298639/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2024-39570	Trust: 0.8
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-24-193-09	Trust: 0.8

sources: JVNDB: JVNDB-2024-007529 // NVD: CVE-2024-39570

SOURCES

db:	JVNDB	id:	JVNDB-2024-007529
db:	NVD	id:	CVE-2024-39570

LAST UPDATE DATE

2024-09-10T20:46:36.467000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2024-007529	date:	2024-09-09T02:27:00
db:	NVD	id:	CVE-2024-39570	date:	2024-09-06T21:20:26.347

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2024-007529	date:	2024-09-09T00:00:00
db:	NVD	id:	CVE-2024-39570	date:	2024-07-09T12:15:16.723