CVE-2024-39872
CVSS V2 None
CVSS V3 None
Description
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application does not properly assign rights to temporary files created during its update process. This could allow an authenticated attacker with the 'Manage firmware updates' role to escalate their privileges on the underlying OS level.
Overview
- CVE ID
- CVE-2024-39872
- Assigner
- siemens
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-07-09T12:05:28.983Z
- Last Modified Date
- 2024-07-09T12:05:28.983Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://cert-portal.siemens.com/productcert/html/ssa-381581.html |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-39872 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39872 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-07-10 13:38:02 | Added to TrackCVE |