CVE-2024-42345

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP2). The affected application does not properly handle user session establishment and invalidation. This could allow a remote attacker to circumvent the additional multi factor authentication for user session establishment.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sinema_remote_connect_server:3.2:-:*:*:*:*:*:*
cpe:2.3:a:siemens:sinema_remote_connect_server:3.2:hf1:*:*:*:*:*:*
cpe:2.3:a:siemens:sinema_remote_connect_server:3.2:sp1:*:*:*:*:*:*

History

10 Sep 2024, 18:54

Type Values Removed Values Added
First Time Siemens
Siemens sinema Remote Connect Server
CPE cpe:2.3:a:siemens:sinema_remote_connect_server:3.2:-:*:*:*:*:*:*
cpe:2.3:a:siemens:sinema_remote_connect_server:3.2:sp1:*:*:*:*:*:*
cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sinema_remote_connect_server:3.2:hf1:*:*:*:*:*:*
References () https://cert-portal.siemens.com/productcert/html/ssa-869574.html - () https://cert-portal.siemens.com/productcert/html/ssa-869574.html - Vendor Advisory

10 Sep 2024, 12:09

Type Values Removed Values Added
Summary
  • (es) Se ha identificado una vulnerabilidad en SINEMA Remote Connect Server (todas las versiones anteriores a V3.2 SP2). La aplicación afectada no gestiona correctamente el establecimiento y la invalidación de sesiones de usuario. Esto podría permitir que un atacante remoto eluda la autenticación multifactor adicional para el establecimiento de sesiones de usuario.

10 Sep 2024, 10:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-10 10:15

Updated : 2024-09-10 18:54


NVD link : CVE-2024-42345

Mitre link : CVE-2024-42345

CVE.ORG link : CVE-2024-42345


JSON object : View

Products Affected

siemens

  • sinema_remote_connect_server
CWE
CWE-384

Session Fixation