216.73.217.98

CVE-2024-42345

· Published 10/09/2024 10:15 · Modified 10/09/2024 18:54

Labels: CVE-2024-42345 2024-09-10CVE-2024-42345CWE-384[email protected]

Essential information

Published
10/09/2024 10:15
Modified
10/09/2024 18:54
Author
Creator
CVSS
4.3 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CVSS metrics

Description

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP2). The affected application does not properly handle user session establishment and invalidation. This could allow a remote attacker to circumvent the additional multi factor authentication for user session establishment.

NVD status

Status
Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
siemens / sinema remote connect server cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*
siemens / sinema remote connect server cpe:2.3:a:siemens:sinema_remote_connect_server:3.2:-:*:*:*:*:*:*
siemens / sinema remote connect server cpe:2.3:a:siemens:sinema_remote_connect_server:3.2:hf1:*:*:*:*:*:*
siemens / sinema remote connect server cpe:2.3:a:siemens:sinema_remote_connect_server:3.2:sp1:*:*:*:*:*:*

References