VDB

CISA-2024-39871

CISA-2024-39871 PUBLISHED CVSS 6.3 MEDIUM

Reported by siemens · Published July 9, 2024

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected applications do not properly separate the rights to edit device settings and to edit settings for communication relations. This could allow an authenticated attacker with the permission to manage devices to gain access to participant groups that the attacked does not belong to.

Risk Scores

CVSS 3.1
6.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

Affected Products

VendorProductVersions
SiemensSINEMA Remote Connect Server0
SiemensSINEMA Remote Connect Server0, 0

Timeline

  • Jul 9, 2024 CVE Published
  • Aug 27, 2025 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›