CVE-2024-42344

A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 SP2). The affected application inserts sensitive information into a log file which is readable by all legitimate users of the underlying system. This could allow an authenticated attacker to compromise the confidentiality of other users' configuration data.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:siemens:sinema_remote_connect_client:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sinema_remote_connect_client:3.2:-:*:*:*:*:*:*
cpe:2.3:a:siemens:sinema_remote_connect_client:3.2:hf1:*:*:*:*:*:*
cpe:2.3:a:siemens:sinema_remote_connect_client:3.2:sp1:*:*:*:*:*:*

History

10 Sep 2024, 18:54

Type Values Removed Values Added
References () https://cert-portal.siemens.com/productcert/html/ssa-417159.html - () https://cert-portal.siemens.com/productcert/html/ssa-417159.html - Patch, Vendor Advisory
CVSS v2 : unknown
v3 : 4.4
v2 : unknown
v3 : 5.5
CPE cpe:2.3:a:siemens:sinema_remote_connect_client:3.2:-:*:*:*:*:*:*
cpe:2.3:a:siemens:sinema_remote_connect_client:3.2:sp1:*:*:*:*:*:*
cpe:2.3:a:siemens:sinema_remote_connect_client:3.2:hf1:*:*:*:*:*:*
cpe:2.3:a:siemens:sinema_remote_connect_client:*:*:*:*:*:*:*:*
First Time Siemens
Siemens sinema Remote Connect Client

10 Sep 2024, 12:09

Type Values Removed Values Added
Summary
  • (es) Se ha identificado una vulnerabilidad en SINEMA Remote Connect Client (todas las versiones anteriores a V3.2 SP2). La aplicación afectada inserta información confidencial en un archivo de registro que pueden leer todos los usuarios legítimos del sistema subyacente. Esto podría permitir que un atacante autenticado comprometa la confidencialidad de los datos de configuración de otros usuarios.

10 Sep 2024, 10:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-10 10:15

Updated : 2024-09-10 18:54


NVD link : CVE-2024-42344

Mitre link : CVE-2024-42344

CVE.ORG link : CVE-2024-42344


JSON object : View

Products Affected

siemens

  • sinema_remote_connect_client
CWE
CWE-532

Insertion of Sensitive Information into Log File