CVE-2024-39571: Command Injection
First published: Tue Jul 09 2024(Updated: )
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 HF1). Affected applications are vulnerable to command injection due to missing server side input sanitation when loading SNMP configurations. This could allow an attacker with the right to modify the SNMP configuration to execute arbitrary code with root privileges.
Credit: productcert@siemens.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Siemens SINEMA Remote Connect | <3.2 | |
| Siemens SINEMA Remote Connect | =3.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-39571?
CVE-2024-39571 is considered a high severity vulnerability due to its potential for command injection.
How do I fix CVE-2024-39571?
To fix CVE-2024-39571, you should upgrade to SINEMA Remote Connect Server version 3.2 HF1 or later.
What are the potential impacts of CVE-2024-39571?
The potential impacts of CVE-2024-39571 include unauthorized command execution and alteration of SNMP configurations.
Which versions of SINEMA Remote Connect Server are affected by CVE-2024-39571?
CVE-2024-39571 affects all versions of SINEMA Remote Connect Server prior to version 3.2 HF1.
Who can exploit CVE-2024-39571?
An attacker with the appropriate permissions to modify SNMP configurations can exploit CVE-2024-39571.
- agent/weakness
- agent/references
- agent/type
- agent/first-publish-date
- agent/description
- agent/severity
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/remedy
- agent/softwarecombine
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/siemens
- canonical/siemens sinema remote connect
- version/siemens sinema remote connect/3.2