ID
VAR-202409-0344
CVE
CVE-2024-42345
TITLE
Siemens' SINEMA Remote Connect Server Session immobilization vulnerability in
Trust: 0.8
sources:
JVNDB: JVNDB-2024-007754
DESCRIPTION
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP2). The affected application does not properly handle user session establishment and invalidation. This could allow a remote attacker to circumvent the additional multi factor authentication for user session establishment. The platform is mainly used for remote access, maintenance, control and diagnosis of underlying networks
Trust: 2.16
sources:
NVD: CVE-2024-42345 //
JVNDB: JVNDB-2024-007754 //
CNVD: CNVD-2024-38005
IOT TAXONOMY
| category: | ['ICS'] | sub_category: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2024-38005
AFFECTED PRODUCTS
| vendor: | siemens | model: | sinema remote connect server | scope: | eq | version: | 3.2 | Trust: 1.0 |
| vendor: | siemens | model: | sinema remote connect server | scope: | lt | version: | 3.2 | Trust: 1.0 |
| vendor: | シーメンス | model: | sinema remote connect server | scope: | eq | version: | - | Trust: 0.8 |
| vendor: | シーメンス | model: | sinema remote connect server | scope: | eq | version: | 3.2 | Trust: 0.8 |
| vendor: | シーメンス | model: | sinema remote connect server | scope: | - | version: | - | Trust: 0.8 |
| vendor: | siemens | model: | sinema remote connect server sp2 | scope: | lt | version: | v3.2 | Trust: 0.6 |
sources:
CNVD: CNVD-2024-38005 //
JVNDB: JVNDB-2024-007754 //
NVD: CVE-2024-42345
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
sources:
CNVD: CNVD-2024-38005 //
JVNDB: JVNDB-2024-007754 //
NVD: CVE-2024-42345 //
NVD: CVE-2024-42345
PROBLEMTYPE DATA
| problemtype: | CWE-384 | Trust: 1.0 |
| problemtype: | Session immobilization (CWE-384) [ others ] | Trust: 0.8 |
sources:
JVNDB: JVNDB-2024-007754 //
NVD: CVE-2024-42345
PATCH
| title: | Patch for Siemens SINEMA Remote Connect Server Session Fixation Vulnerability | url: | https://www.cnvd.org.cn/patchInfo/show/590376 | Trust: 0.6 |
sources:
CNVD: CNVD-2024-38005
EXTERNAL IDS
| db: | NVD | id: | CVE-2024-42345 | Trust: 3.2 |
| db: | SIEMENS | id: | SSA-869574 | Trust: 2.4 |
| db: | JVN | id: | JVNVU90825867 | Trust: 0.8 |
| db: | ICS CERT | id: | ICSA-24-256-01 | Trust: 0.8 |
| db: | JVNDB | id: | JVNDB-2024-007754 | Trust: 0.8 |
| db: | CNVD | id: | CNVD-2024-38005 | Trust: 0.6 |
sources:
CNVD: CNVD-2024-38005 //
JVNDB: JVNDB-2024-007754 //
NVD: CVE-2024-42345
REFERENCES
| url: | https://cert-portal.siemens.com/productcert/html/ssa-869574.html | Trust: 2.4 |
| url: | https://jvn.jp/vu/jvnvu90825867/index.html | Trust: 0.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2024-42345 | Trust: 0.8 |
| url: | https://www.cisa.gov/news-events/ics-advisories/icsa-24-256-01 | Trust: 0.8 |
sources:
CNVD: CNVD-2024-38005 //
JVNDB: JVNDB-2024-007754 //
NVD: CVE-2024-42345
SOURCES
| db: | CNVD | id: | CNVD-2024-38005 |
| db: | JVNDB | id: | JVNDB-2024-007754 |
| db: | NVD | id: | CVE-2024-42345 |
LAST UPDATE DATE
2024-09-28T21:52:17.054000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2024-38005 | date: | 2024-09-12T00:00:00 |
| db: | JVNDB | id: | JVNDB-2024-007754 | date: | 2024-09-13T05:58:00 |
| db: | NVD | id: | CVE-2024-42345 | date: | 2024-09-10T18:54:46.653 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2024-38005 | date: | 2024-09-13T00:00:00 |
| db: | JVNDB | id: | JVNDB-2024-007754 | date: | 2024-09-11T00:00:00 |
| db: | NVD | id: | CVE-2024-42345 | date: | 2024-09-10T10:15:12.433 |