CVE-2024-42344

A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 SP2). The affected application inserts sensitive information into a log file which is readable by all legitimate users of the underlying system. This could allow an authenticated attacker to compromise the confidentiality of other users' configuration data.

CVSS v3 4.4 MEDIUM

4.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 2.5

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://cert-portal.siemens.com/productcert/html/ssa-417159.html	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:siemens:sinema_remote_connect_client::::::::
	cpe:2.3:a:siemens:sinema_remote_connect_client:3.2:-::::::
	cpe:2.3:a:siemens:sinema_remote_connect_client:3.2:hf1::::::
	cpe:2.3:a:siemens:sinema_remote_connect_client:3.2:sp1::::::

History

No history.

Information

Published : 2024-09-10 10:15

Updated : 2024-09-10 18:54

NVD link : CVE-2024-42344

Mitre link : CVE-2024-42344

CVE.ORG link : CVE-2024-42344

JSON object : View

Products Affected

siemens

sinema_remote_connect_client

CWE

CWE-532

Insertion of Sensitive Information into Log File

{"id": "CVE-2024-42344", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "productcert@siemens.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 1.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}], "cvssMetricV40": [{"type": "Secondary", "source": "productcert@siemens.com", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "NOT_DEFINED", "baseScore": 4.8, "automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "NONE", "vulnerableSystemIntegrity": "NONE", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "vulnerableSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "vulnerableSystemConfidentiality": "LOW", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-09-10T10:15:12.213", "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-417159.html", "tags": ["Patch", "Vendor Advisory"], "source": "productcert@siemens.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "productcert@siemens.com", "description": [{"lang": "en", "value": "CWE-532"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 SP2). The affected application inserts sensitive information into a log file which is readable by all legitimate users of the underlying system. This could allow an authenticated attacker to compromise the confidentiality of other users' configuration data."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en SINEMA Remote Connect Client (todas las versiones anteriores a V3.2 SP2). La aplicaci\u00f3n afectada inserta informaci\u00f3n confidencial en un archivo de registro que pueden leer todos los usuarios leg\u00edtimos del sistema subyacente. Esto podr\u00eda permitir que un atacante autenticado comprometa la confidencialidad de los datos de configuraci\u00f3n de otros usuarios."}], "lastModified": "2024-09-10T18:54:58.413", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:siemens:sinema_remote_connect_client:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7DA05EE4-6C59-4FA4-BCA5-B7A246E11E48", "versionEndExcluding": "3.2"}, {"criteria": "cpe:2.3:a:siemens:sinema_remote_connect_client:3.2:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF91D6EE-AE6E-4B31-89E2-72848EB2273A"}, {"criteria": "cpe:2.3:a:siemens:sinema_remote_connect_client:3.2:hf1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "15171F96-9402-4C39-8001-E5FDFBD7CA48"}, {"criteria": "cpe:2.3:a:siemens:sinema_remote_connect_client:3.2:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ACAE5FD9-8F0A-4045-8A0A-96AA5966D05E"}], "operator": "OR"}]}], "sourceIdentifier": "productcert@siemens.com"}