Shodan
Vulnerabilities
Vulnerable Software
Siemens:  >> Sinema Remote Connect Server  >> 3.2  Security Vulnerabilities
CVE-2024-39865
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application allows users to upload encrypted backup files. As part of this backup, files can be restored without correctly checking the path of the restored file. This could allow an attacker with access to the backup encryption key to upload malicious files, that could potentially lead to remote code execution.
CVSS Score
8.8
EPSS Score
0.009
Published
2024-07-09
CVE-2024-39866
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application allows users to upload encrypted backup files. This could allow an attacker with access to the backup encryption key and with the right to upload backup files to create a user with administrative privileges.
CVSS Score
8.8
EPSS Score
0.001
Published
2024-07-09
CVE-2024-39867
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected devices do not properly validate the authentication when performing certain actions in the web interface allowing an unauthenticated attacker to access and edit device configuration information of devices for which they have no privileges.
CVSS Score
7.6
EPSS Score
0.004
Published
2024-07-09
CVE-2024-39570
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 HF1). Affected applications are vulnerable to command injection due to missing server side input sanitation when loading VxLAN configurations. This could allow an authenticated attacker to execute arbitrary code with root privileges.
CVSS Score
8.8
EPSS Score
0.021
Published
2024-07-09
CVE-2024-39571
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 HF1). Affected applications are vulnerable to command injection due to missing server side input sanitation when loading SNMP configurations. This could allow an attacker with the right to modify the SNMP configuration to execute arbitrary code with root privileges.
CVSS Score
8.8
EPSS Score
0.016
Published
2024-07-09
CVE-2021-40438
Known exploited
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.
CVSS Score
9.0
EPSS Score
0.944
Published
2021-09-16


Products
Pricing
Contact Us

Shodan ® - All rights reserved