gsd-2024-22045
Vulnerability from gsd
Modified
2024-01-05 06:02
Details
A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.1 SP1). The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information. This information is also available via the web interface of the product.
Aliases
{ "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2024-22045" ], "details": "A vulnerability has been identified in SINEMA Remote Connect Client (All versions \u003c V3.1 SP1). The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information. This information is also available via the web interface of the product.", "id": "GSD-2024-22045", "modified": "2024-01-05T06:02:20.510917Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "productcert@siemens.com", "ID": "CVE-2024-22045", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "SINEMA Remote Connect Client", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "0", "version_value": "V3.1 SP1" } ] } } ] }, "vendor_name": "Siemens" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A vulnerability has been identified in SINEMA Remote Connect Client (All versions \u003c V3.1 SP1). The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information. This information is also available via the web interface of the product." } ] }, "impact": { "cvss": [ { "baseScore": 7.6, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C", "version": "3.1" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "cweId": "CWE-538", "lang": "eng", "value": "CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory" } ] } ] }, "references": { "reference_data": [ { "name": "https://cert-portal.siemens.com/productcert/html/ssa-653855.html", "refsource": "MISC", "url": "https://cert-portal.siemens.com/productcert/html/ssa-653855.html" } ] } }, "nvd.nist.gov": { "cve": { "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:siemens:sinema_remote_connect_client:*:*:*:*:*:*:*:*", "matchCriteriaId": "5D90E9D5-EAC5-480A-9DF5-9726B34807AC", "versionEndExcluding": "3.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:siemens:sinema_remote_connect_client:3.1:-:*:*:*:*:*:*", "matchCriteriaId": "3100A7B5-00F4-4DB9-951F-23F548256C9B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "descriptions": [ { "lang": "en", "value": "A vulnerability has been identified in SINEMA Remote Connect Client (All versions \u003c V3.1 SP1). The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information. This information is also available via the web interface of the product." }, { "lang": "es", "value": "Se ha identificado una vulnerabilidad en SINEMA Remote Connect Client (todas las versiones \u0026lt; V3.1 SP1). El producto coloca informaci\u00f3n confidencial en archivos o directorios a los que pueden acceder los actores a quienes se les permite tener acceso a los archivos, pero no a la informaci\u00f3n confidencial. Esta informaci\u00f3n tambi\u00e9n est\u00e1 disponible a trav\u00e9s de la interfaz web del producto." } ], "id": "CVE-2024-22045", "lastModified": "2024-03-25T16:24:56.037", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 4.7, "source": "productcert@siemens.com", "type": "Secondary" } ], "cvssMetricV40": [ { "cvssData": { "Availability Requirements": "NOT DEFINED", "Modified Vulnerable System Availability": "NOT DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "automatable": "NOT DEFINED ", "baseScore": 0.0, "baseSeverity": "NONE", "confidentialityRequirements": "HIGH", "exploitMaturity": "NOT DEFINED", "integrityRequirements": "HIGH", "modifiedAttackComplexity": "NOT DEFINED", "modifiedAttackRequirements": "NOT DEFINED", "modifiedAttackVector": "NOT DEFINED", "modifiedPrivilegesRequired": "NOT DEFINED", "modifiedSubsequentSystemAvailability": "NOT DEFINED", "modifiedSubsequentSystemIntegrity": "NOT DEFINED", "modifiedUserInteraction": "NOT DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT DEFINED", "modifiedVulnerableSystemIntegrity": "NOT DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT DEFINED ", "recovery": "NOT DEFINED", "safety": "NOT DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "LOW", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:H/IR:H/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT DEFINED ", "vulnerableSystemAvailability": "NONE", "vulnerableSystemConfidentiality": "LOW", "vulnerableSystemIntegrity": "NONE" }, "exploitabilityScore": 0.0, "impactScore": 0.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-03-12T11:15:49.390", "references": [ { "source": "productcert@siemens.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://cert-portal.siemens.com/productcert/html/ssa-653855.html" } ], "sourceIdentifier": "productcert@siemens.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-538" } ], "source": "productcert@siemens.com", "type": "Secondary" } ] } } } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.