March 11, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Multiple Apple Products Vulnerabilities
December 31, 2024Multiple Adobe Products Vulnerabilities
December 31, 2024Multiple Apple Products Vulnerabilities
December 31, 2024Multiple Adobe Products Vulnerabilities
December 31, 2024
Severity
Medium
Analysis Summary
CVE-2024-39875 CVSS:4.3
Siemens SINEMA Remote Connect Server could allow a remote authenticated attacker to obtain sensitive information, caused by incorrect permission assignment. By sending a specially crafted request, an attacker could exploit this vulnerability to retrieve details about other users and group memberships, and use this information to launch further attacks against the affected system.
CVE-2024-38278 CVSS:6.6
Siemens RUGGEDCOM ROS could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw when incorrectly enabled IP forwarding. By sending a specially crafted request, an attacker could exploit this vulnerability to create a remote shell to the system.
Impact
- Information Disclosure
- Security Bypass
Indicators of Compromise
CVE
- CVE-2024-39875
- CVE-2024-38278
Affected Vendors
Siemens
Affected Products
- Siemens SINEMA Remote Connect Server 3.2
- Siemens RUGGEDCOM i800 0
- Siemens RUGGEDCOM i800NC 0
- Siemens RUGGEDCOM i801 0
- Siemens RUGGEDCOM i801NC 0
- Siemens RUGGEDCOM i802 0
- Siemens RUGGEDCOM i802NC 0
- Siemens RUGGEDCOM i803 0
- Siemens RUGGEDCOM i803NC 0
- Siemens RUGGEDCOM M2100 0
- Siemens RUGGEDCOM RMC8388 V5.X 0
- Siemens RUGGEDCOM RMC8388NC V4.X 0
- Siemens RUGGEDCOM RMC8388NC V5.X 0
- Siemens RUGGEDCOM RSG920P V4.X 0
- Siemens RUGGEDCOM RSG920P V5.X 0
- Siemens RUGGEDCOM RST916P 0
Remediation
Refer to Siemens Security Advisory for patch, upgrade or suggested workaround information.