CVE-2021-31338

Published: Aug 19, 2021Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.0 SP1). Affected devices allow to modify configuration settings over an unauthenticated channel. This could allow a local attacker to escalate privileges and execute own code on the device.

Affected (2)

Products: Siemens: Sinema Remote Connect

1 product

Sinema Remote Connect

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Siemens Sinema Remote Connect	Before 3.0
Siemens Sinema Remote Connect	Version 3.0

Related CWEs

External Control of System or Configuration Setting

One or more system settings or configuration elements can be externally controlled by a user.

References (2)

https://cert-portal.siemens.com/productcert/pdf/ssa-816035.pdf

Source: productcert@siemens.com

PatchVendor Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-816035.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.