CVE-2024-22045

{"id": "CVE-2024-22045", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "productcert@siemens.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.7, "exploitabilityScore": 2.3}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2024-03-12T11:15:49.390", "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-653855.html", "tags": ["Patch", "Vendor Advisory"], "source": "productcert@siemens.com"}, {"url": "https://cert-portal.siemens.com/productcert/html/ssa-653855.html", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "productcert@siemens.com", "description": [{"lang": "en", "value": "CWE-538"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.1 SP1). The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information. This information is also available via the web interface of the product."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en SINEMA Remote Connect Client (todas las versiones &lt; V3.1 SP1). El producto coloca informaci\u00f3n confidencial en archivos o directorios a los que pueden acceder los actores a quienes se les permite tener acceso a los archivos, pero no a la informaci\u00f3n confidencial. Esta informaci\u00f3n tambi\u00e9n est\u00e1 disponible a trav\u00e9s de la interfaz web del producto."}], "lastModified": "2024-11-21T08:55:27.243", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:siemens:sinema_remote_connect_client:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D90E9D5-EAC5-480A-9DF5-9726B34807AC", "versionEndExcluding": "3.1"}, {"criteria": "cpe:2.3:a:siemens:sinema_remote_connect_client:3.1:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3100A7B5-00F4-4DB9-951F-23F548256C9B"}], "operator": "OR"}]}], "sourceIdentifier": "productcert@siemens.com"}