CVE-2024-39873
First published: Tue Jul 09 2024(Updated: )
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application does not properly implement brute force protection against user credentials in its web API. This could allow an attacker to learn user credentials that are vulnerable to brute force attacks.
Credit: productcert@siemens.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Siemens SINEMA Remote Connect | <3.2 | |
| Siemens SINEMA Remote Connect | =3.2 | |
| Siemens SINEMA Remote Connect | =3.2-hf1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-39873?
CVE-2024-39873 is considered a medium severity vulnerability due to its potential to expose user credentials.
How do I fix CVE-2024-39873?
To mitigate CVE-2024-39873, upgrade the SINEMA Remote Connect Server to version 3.2 SP1 or later.
What systems are affected by CVE-2024-39873?
CVE-2024-39873 affects all versions of SINEMA Remote Connect Server prior to version 3.2 SP1.
What type of attack does CVE-2024-39873 allow?
CVE-2024-39873 allows attackers to conduct brute force attacks against user credentials through the web API.
Is there a workaround for CVE-2024-39873?
There is no specific workaround for CVE-2024-39873; upgrading to a patched version is recommended.
- agent/weakness
- agent/references
- agent/type
- agent/first-publish-date
- agent/description
- agent/severity
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/remedy
- agent/softwarecombine
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/siemens
- canonical/siemens sinema remote connect
- version/siemens sinema remote connect/3.2
- version/siemens sinema remote connect/3.2-hf1