CVE-2024-39865

high-risk
Published 2024-07-09

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application allows users to upload encrypted backup files. As part of this backup, files can be restored without correctly checking the path of the restored file. This could allow an attacker with access to the backup encryption key to upload malicious files, that could potentially lead to remote code execution.

Do I need to act?

!
10.6% chance of exploitation in next 30 days
EPSS score — higher than 89% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10 High
NETWORK / LOW complexity

Affected Products (3)

Affected Vendors

Siemens

References (2)

Patch https://cert-portal.siemens.com/productcert/html/ssa-381581.html
Patch https://cert-portal.siemens.com/productcert/html/ssa-381581.html
50
/ 100
high-risk
Severity 30/34 · Critical
Exploitability 11/34 · Low
Exposure 9/34 · Low