Vulnerability Description
A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1). The system service of affected applications is vulnerable to command injection due to missing server side input sanitation when loading VPN configurations. This could allow an administrative remote attacker running a corresponding SINEMA Remote Connect Server to execute arbitrary code with system privileges on the client system.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Sinema Remote Connect Client | < 3.2 |
Related Weaknesses (CWE)
References
- https://cert-portal.siemens.com/productcert/html/ssa-868282.htmlPatchVendor Advisory
- https://cert-portal.siemens.com/productcert/html/ssa-868282.htmlPatchVendor Advisory
FAQ
What is CVE-2024-39569?
CVE-2024-39569 is a vulnerability with a CVSS score of 6.6 (MEDIUM). A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1). The system service of affected applications is vulnerable to command injection due to missing server side...
How severe is CVE-2024-39569?
CVE-2024-39569 has been rated MEDIUM with a CVSS base score of 6.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-39569?
Check the references section above for vendor advisories and patch information. Affected products include: Siemens Sinema Remote Connect Client.