CVE-2024-22045

Published: Mar 12, 2024Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.1 SP1). The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information. This information is also available via the web interface of the product.

Affected (2)

Products: Siemens: Sinema Remote Connect Client

1 product

Sinema Remote Connect Client

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Siemens Sinema Remote Connect Client	Before 3.1
Siemens Sinema Remote Connect Client	Version 3.1

Related CWEs

Insertion of Sensitive Information into Externally-Accessible File or Directory

The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information.

References (2)

https://cert-portal.siemens.com/productcert/html/ssa-653855.html

Source: productcert@siemens.com

PatchVendor Advisory

https://cert-portal.siemens.com/productcert/html/ssa-653855.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.