cnvd - cnvd-2024-31232

cnvd-2024-31232

Vulnerability from cnvd

Title

Siemens SINEMA Remote Connect Server使用不安全操作定义权限漏洞

Description

Siemens SINEMA Remote Connect Server是德国西门子（Siemens）公司的一套远程网络管理平台。该平台主要用于远程访问、维护、控制和诊断底层网络。 Siemens SINEMA Remote Connect Server存在使用不安全操作定义权限漏洞，攻击者可利用该漏洞能够访问备份加密密钥并有权上传备份文件，从而创建具有管理权限的用户。

Severity

高

Patch Name

Siemens SINEMA Remote Connect Server使用不安全操作定义权限漏洞的补丁

Patch Description

Formal description

用户可参考如下供应商提供的安全公告获得补丁信息： https://cert-portal.siemens.com/productcert/html/ssa-381581.html

Reference

https://cert-portal.siemens.com/productcert/html/ssa-381581.html

Impacted products

Name
Siemens SINEMA Remote Connect Server < V3.2 SP1

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-39866"
    }
  },
  "description": "Siemens SINEMA Remote Connect Server\u662f\u5fb7\u56fd\u897f\u95e8\u5b50\uff08Siemens\uff09\u516c\u53f8\u7684\u4e00\u5957\u8fdc\u7a0b\u7f51\u7edc\u7ba1\u7406\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u4e3b\u8981\u7528\u4e8e\u8fdc\u7a0b\u8bbf\u95ee\u3001\u7ef4\u62a4\u3001\u63a7\u5236\u548c\u8bca\u65ad\u5e95\u5c42\u7f51\u7edc\u3002\n\nSiemens SINEMA Remote Connect Server\u5b58\u5728\u4f7f\u7528\u4e0d\u5b89\u5168\u64cd\u4f5c\u5b9a\u4e49\u6743\u9650\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u80fd\u591f\u8bbf\u95ee\u5907\u4efd\u52a0\u5bc6\u5bc6\u94a5\u5e76\u6709\u6743\u4e0a\u4f20\u5907\u4efd\u6587\u4ef6\uff0c\u4ece\u800c\u521b\u5efa\u5177\u6709\u7ba1\u7406\u6743\u9650\u7684\u7528\u6237\u3002",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://cert-portal.siemens.com/productcert/html/ssa-381581.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2024-31232",
  "openTime": "2024-07-10",
  "patchDescription": "Siemens SINEMA Remote Connect Server\u662f\u5fb7\u56fd\u897f\u95e8\u5b50\uff08Siemens\uff09\u516c\u53f8\u7684\u4e00\u5957\u8fdc\u7a0b\u7f51\u7edc\u7ba1\u7406\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u4e3b\u8981\u7528\u4e8e\u8fdc\u7a0b\u8bbf\u95ee\u3001\u7ef4\u62a4\u3001\u63a7\u5236\u548c\u8bca\u65ad\u5e95\u5c42\u7f51\u7edc\u3002\r\n\r\nSiemens SINEMA Remote Connect Server\u5b58\u5728\u4f7f\u7528\u4e0d\u5b89\u5168\u64cd\u4f5c\u5b9a\u4e49\u6743\u9650\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u80fd\u591f\u8bbf\u95ee\u5907\u4efd\u52a0\u5bc6\u5bc6\u94a5\u5e76\u6709\u6743\u4e0a\u4f20\u5907\u4efd\u6587\u4ef6\uff0c\u4ece\u800c\u521b\u5efa\u5177\u6709\u7ba1\u7406\u6743\u9650\u7684\u7528\u6237\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Siemens SINEMA Remote Connect Server\u4f7f\u7528\u4e0d\u5b89\u5168\u64cd\u4f5c\u5b9a\u4e49\u6743\u9650\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Siemens SINEMA Remote Connect Server \u003c V3.2 SP1"
  },
  "referenceLink": "https://cert-portal.siemens.com/productcert/html/ssa-381581.html",
  "serverity": "\u9ad8",
  "submitTime": "2024-07-10",
  "title": "Siemens SINEMA Remote Connect Server\u4f7f\u7528\u4e0d\u5b89\u5168\u64cd\u4f5c\u5b9a\u4e49\u6743\u9650\u6f0f\u6d1e"
}

CVE-2024-39866 (GCVE-0-2024-39866)

Vulnerability from cvelistv5

Published

2024-07-09 12:05

Modified

2025-08-27 20:42

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CWE

CWE-267 - Privilege Defined With Unsafe Actions

Summary

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application allows users to upload encrypted backup files. This could allow an attacker with access to the backup encryption key and with the right to upload backup files to create a user with administrative privileges.

References

URL

Tags