CVE-2024-39567: Command Injection
First published: Tue Jul 09 2024(Updated: )
A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1). The system service of affected applications is vulnerable to command injection due to missing server side input sanitation when loading VPN configurations. This could allow an authenticated local attacker to execute arbitrary code with system privileges.
Credit: productcert@siemens.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Siemens SINEMA Remote Connect | <V3.2 HF1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-39567?
CVE-2024-39567 is considered a medium severity vulnerability due to its potential for command injection.
How do I fix CVE-2024-39567?
To fix CVE-2024-39567, upgrade to SINEMA Remote Connect Client version 3.2 HF1 or later.
Who is affected by CVE-2024-39567?
CVE-2024-39567 affects all versions of the Siemens SINEMA Remote Connect Client prior to version 3.2 HF1.
What type of attack does CVE-2024-39567 enable?
CVE-2024-39567 enables authenticated local attackers to perform command injection attacks.
What are the consequences of CVE-2024-39567?
The consequences of CVE-2024-39567 may include unauthorized command execution on the affected system.
- agent/references
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/type
- agent/severity
- agent/author
- agent/event
- collector/nvd-api
- source/NVD
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/siemens
- canonical/siemens sinema remote connect