SINEMA RC Server <v3.2 SP1 Remote Code Execution via unsafe file restore
CVE-2024-39865 Published on July 9, 2024
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application allows users to upload encrypted backup files. As part of this backup, files can be restored without correctly checking the path of the restored file. This could allow an attacker with access to the backup encryption key to upload malicious files, which could potentially lead to remote code execution.
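The missing check the description refers to, shown as an added example (not Siemens code and not taken from the advisory): a restore routine that resolves every archive entry against the restore root and aborts before writing anything if one escapes it. The tar container, the function names and the sample entries are assumptions made for illustration; the page does not state the backup's internal format.

```python
import io
import os
import tarfile

class UnsafeMember(Exception):
    """An archive entry would be written outside the restore root."""

def safe_target(root: str, name: str) -> str:
    """Resolve an entry name under root; reject anything that escapes it."""
    root_real = os.path.realpath(root)
    # realpath collapses "..", absolute names and pre-existing symlinks
    target = os.path.realpath(os.path.join(root_real, name))
    if os.path.commonpath([root_real, target]) != root_real:
        raise UnsafeMember(name)
    return target

def restore(archive: bytes, root: str) -> list[str]:
    """Validate every entry first; one bad entry aborts before any write."""
    written = []
    with tarfile.open(fileobj=io.BytesIO(archive)) as tar:
        members = tar.getmembers()
        for m in members:
            # links and device nodes are refused outright (assumed policy)
            if not (m.isfile() or m.isdir()):
                raise UnsafeMember(m.name)
            safe_target(root, m.name)
        for m in members:
            target = safe_target(root, m.name)  # re-check at write time
            if m.isdir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with tar.extractfile(m) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(target)
    return written

def build_sample(entries: dict[str, bytes]) -> bytes:
    """Constructed sample input: an in-memory tar with the given names."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in entries.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()
```

Because validation runs over the whole archive before the first write, a backup that mixes legitimate entries with one escaping entry leaves the restore root untouched.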
Weakness Type
What is an Unrestricted File Upload Vulnerability?
The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.
CVE-2024-39865 has been classified as an Unrestricted File Upload vulnerability or weakness.
Products Associated with CVE-2024-39865
Affected Versions
Siemens SINEMA Remote Connect Server:
- Before V3.2 SP1 is affected.
- Before 3.2 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.