cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-42344,https://securityvulnerability.io/vulnerability/CVE-2024-42344,SINEMA Remote Connect Client Vulnerability Could Compromise Confidentiality,A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 SP2). The affected application inserts sensitive information into a log file which is readable by all legitimate users of the underlying system. This could allow an authenticated attacker to compromise the confidentiality of other users' configuration data.,Siemens,Sinema Remote Connect Client,5.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-09-10T09:36:47.430Z,0
CVE-2024-32006,https://securityvulnerability.io/vulnerability/CVE-2024-32006,Remote Connect Client Vulnerability Allows Bypass of Multi-Factor Authentication Without Logout,A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 SP2). The affected application does not expire the user session on reboot without logout. This could allow an attacker to bypass Multi-Factor Authentication.,Siemens,Sinema Remote Connect Client,4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-09-10T09:36:29.757Z,0
CVE-2024-39567,https://securityvulnerability.io/vulnerability/CVE-2024-39567,Command Injection Vulnerability in SINEMA Remote Connect Client by Siemens,"A command injection vulnerability exists in SINEMA Remote Connect Client versions below 3.2 HF1. Due to inadequate server-side input sanitation when loading VPN configurations, an authenticated local attacker could exploit this flaw to execute arbitrary code with system privileges. This could lead to unauthorized access and manipulation of the affected systems, highlighting the critical need for timely updates to the application.",Siemens,Sinema Remote Connect Client,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2024-07-09T12:15:00.000Z,0
CVE-2024-39568,https://securityvulnerability.io/vulnerability/CVE-2024-39568,Command Injection Vulnerability in SINEMA Remote Connect Client by Siemens,"A vulnerability exists in the SINEMA Remote Connect Client of Siemens, where the system service is susceptible to command injection due to insufficient server-side input sanitation when loading proxy configurations. This flaw can be exploited by an authenticated local attacker, allowing execution of arbitrary code with system privileges, thereby potentially compromising the integrity and security of the affected systems.",Siemens,Sinema Remote Connect Client,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2024-07-09T12:15:00.000Z,0
CVE-2024-39569,https://securityvulnerability.io/vulnerability/CVE-2024-39569,Command Injection Vulnerability in SINEMA Remote Connect Client by Siemens,"A vulnerability has been identified in the SINEMA Remote Connect Client, where the system service is susceptible to command injection due to inadequate server-side input sanitation during the loading of VPN configurations. This vulnerability enables an administrative remote attacker, running an associated SINEMA Remote Connect Server, to execute arbitrary code with system privileges on the client's system, potentially compromising the integrity and security of affected environments.",Siemens,Sinema Remote Connect Client,7.2,HIGH,0.0004799999878741801,false,,false,false,false,,false,false,2024-07-09T12:15:00.000Z,0
CVE-2024-22045,https://securityvulnerability.io/vulnerability/CVE-2024-22045,SINEMA Remote Connect Client Vulnerability: Sensitive Information at Risk,"A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.1 SP1). The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information. This information is also available via the web interface of the product.",Siemens,Sinema Remote Connect Client,6.5,MEDIUM,0.0004799999878741801,false,,false,false,false,,false,false,2024-03-12T10:21:58.614Z,0
CVE-2021-31338,https://securityvulnerability.io/vulnerability/CVE-2021-31338,,A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.0 SP1). Affected devices allow to modify configuration settings over an unauthenticated channel. This could allow a local attacker to escalate privileges and execute own code on the device.,Siemens,Sinema Remote Connect Client,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,false,false,2021-08-19T10:00:11.000Z,0
CVE-2016-7165,https://securityvulnerability.io/vulnerability/CVE-2016-7165,,"A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC IT Production Suite (All versions < V7.0 SP1 HFX 2), SIMATIC NET PC-Software (All versions < V14), SIMATIC PCS 7 V7.1 (All versions), SIMATIC PCS 7 V8.0 (All versions), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions < V8.2 SP1), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2), SIMATIC STEP 7 V5.X (All versions < V5.5 SP4 HF11), SIMATIC WinCC (TIA Portal) Basic, Comfort, Advanced (All versions < V14), SIMATIC WinCC (TIA Portal) Professional V13 (All versions < V13 SP2), SIMATIC WinCC (TIA Portal) Professional V14 (All versions < V14 SP1), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1), SIMATIC WinCC V7.0 SP2 and earlier versions (All versions < V7.0 SP2 Upd 12), SIMATIC WinCC V7.0 SP3 (All versions < V7.0 SP3 Upd 8), SIMATIC WinCC V7.2 (All versions < V7.2 Upd 14), SIMATIC WinCC V7.3 (All versions < V7.3 Upd 11), SIMATIC WinCC V7.4 (All versions < V7.4 SP1), SIMIT V9.0 (All versions < V9.0 SP1), SINEMA Remote Connect Client (All versions < V1.0 SP3), SINEMA Server (All versions < V13 SP2), SOFTNET Security Client V5.0 (All versions), Security Configuration Tool (SCT) (All versions < V4.3 HF1), TeleControl Server Basic (All versions < V3.0 SP2), WinAC RTX 2010 SP2 (All versions), WinAC RTX F 2010 SP2 (All versions). Unquoted service paths could allow local Microsoft Windows operating system users to escalate their privileges if the affected products are not installed under their default path (""C:\Program Files\*"" or the localized equivalent).",Siemens,"Simatic Wincc,Simatic Wincc Runtime,Simatic Wincc \(tia Portal\),Simit,Simatic Pcs7,Simatic Step 7 \(tia Portal\),Simatic Pcs 7,Sinema Remote Connect,Simatic Step 7,Simatic Winac Rtx 2010,Softnet Security Client,Simatic Net Pc Software,Simatic It Production Suite,Telecontrol Basic,Security Configuration Tool,Primary Setup Tool,Sinema Server,Simatic Winac Rtx F 2010",6.4,MEDIUM,0.0006000000284984708,false,,false,false,false,,false,false,2016-11-15T19:00:00.000Z,0