CVE-2024-39568: Command Injection
First published: Tue Jul 09 2024(Updated: )
A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1). The system service of affected applications is vulnerable to command injection due to missing server side input sanitation when loading proxy configurations. This could allow an authenticated local attacker to execute arbitrary code with system privileges.
Credit: productcert@siemens.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Siemens SINEMA Remote Connect | <3.2 | |
| Siemens SINEMA Remote Connect | =3.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-39568?
CVE-2024-39568 is considered a high severity vulnerability due to its potential for command injection.
How do I fix CVE-2024-39568?
To mitigate CVE-2024-39568, upgrade to Siemens SINEMA Remote Connect Client version 3.2 HF1 or later.
Who is affected by CVE-2024-39568?
All versions of Siemens SINEMA Remote Connect Client prior to version 3.2 HF1 are affected by CVE-2024-39568.
What type of attack does CVE-2024-39568 allow?
CVE-2024-39568 allows authenticated local attackers to execute commands due to insufficient input sanitation.
When was CVE-2024-39568 disclosed?
CVE-2024-39568 was officially reported and disclosed in 2024, highlighting critical security risks.
- agent/weakness
- agent/references
- agent/type
- agent/first-publish-date
- agent/description
- agent/severity
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/remedy
- agent/softwarecombine
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/siemens
- canonical/siemens sinema remote connect
- version/siemens sinema remote connect/3.2