CVE-2024-39865: Malicious File Upload
First published: Tue Jul 09 2024(Updated: )
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application allows users to upload encrypted backup files. As part of this backup, files can be restored without correctly checking the path of the restored file. This could allow an attacker with access to the backup encryption key to upload malicious files, that could potentially lead to remote code execution.
Credit: productcert@siemens.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Siemens SINEMA Remote Connect Server | <3.2 | |
| Siemens SINEMA Remote Connect Server | =3.2 | |
| Siemens SINEMA Remote Connect Server | =3.2-hf1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
- agent/weakness
- agent/references
- agent/type
- agent/first-publish-date
- agent/description
- agent/severity
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- vendor/siemens
- canonical/siemens sinema remote connect server
- version/siemens sinema remote connect server/3.2
- version/siemens sinema remote connect server/3.2-hf1