CVE-2024-22045 Vulnerability Details

  /     /     /  

CVE-2024-22045 Metadata Quick Info

CVE Published: 12/03/2024 | CVE Updated: 01/08/2024 | CVE Year: 2024
Source: siemens | Vendor: Siemens | Product: SINEMA Remote Connect Client
Status : PUBLISHED

---

CVE-2024-22045 Description

A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.1 SP1). The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information. This information is also available via the web interface of the product.

Metrics

CVSS Version: 3.1 | Base Score: 7.6 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:P/RL:O/RC:C

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-538
CWE Name: CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory
Source: Siemens

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).