CVE-2024-42344 MEDIUM

CVE-2024-42344

Vendor Siemens
Product SINEMA Remote Connect Client
Weakness CWE-532 · Sensitive info in logs
Published September 10, 2024
Last update September 10, 2024

CVSS base score

4.4/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L/E:P/RL:O/RC:C

What the vulnerability does

01Description

A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 SP2). The affected application inserts sensitive information into a log file which is readable by all legitimate users of the underlying system. This could allow an authenticated attacker to compromise the confidentiality of other users' configuration data.

Key dates

02Disclosure timeline

September 10, 2024 CVE published
September 10, 2024 Record updated

Related vulnerabilities

04Related CVE