SINEMA RC Cmd Injection (v<3.2HF1) Allow Local Auth Exec
CVE-2024-39568 Published on July 9, 2024
A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 HF1). The system service of affected applications is vulnerable to command injection due to missing server side input sanitation when loading proxy configurations. This could allow an authenticated local attacker to execute arbitrary code with system privileges.
Weakness Type
What is a Command Injection Vulnerability?
The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CVE-2024-39568 has been classified to as a Command Injection vulnerability or weakness.
Products Associated with CVE-2024-39568
Want to know whenever a new CVE is published for Siemens Sinema Remote Connect Client? stack.watch will email you.
Affected Versions
Siemens SINEMA Remote Connect Client:- Before V3.2 HF1 is affected.
- Before v3.2HF1 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.