SINEMA RCS v<3.2 SP1 Admin Priv Esc via Encrypted Backup Upload
CVE-2024-39866 Published on July 9, 2024
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application allows users to upload encrypted backup files. This could allow an attacker with access to the backup encryption key and with the right to upload backup files to create a user with administrative privileges.
Weakness Type
Privilege Defined With Unsafe Actions
A particular privilege, role, capability, or right can be used to perform unsafe actions that were not intended, even when it is assigned to the correct entity.
Products Associated with CVE-2024-39866
Want to know whenever a new CVE is published for Siemens Sinema Remote Connect Server? stack.watch will email you.
Affected Versions
Siemens SINEMA Remote Connect Server:- Before V3.2 SP1 is affected.
- Before V3.2 SP1 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.