

APT41 aka BlackFly – Active IOCs
July 12, 2024
Multiple Adobe Products Vulnerabilities
July 12, 2024
Severity
High
Analysis Summary
CVE-2024-39868 CVSS:8.6
Siemens SINEMA Remote Connect Server could allow a remote attacker to bypass security restrictions, caused by improper authentication validation. By sending a specially crafted request, an attacker could exploit this vulnerability to access and edit VxLAN configuration.
CVE-2024-39569 CVSS:7.8
Siemens SINEMA Remote Connect could allow a local authenticated attacker to execute arbitrary code on the system, caused by a command injection flaw when loading VPN configurations. By sending a specially crafted input, an attacker could exploit this vulnerability to execute arbitrary code with system privileges.
CVE-2024-39867 CVSS:8.6
Siemens SINEMA Remote Connect Server could allow a remote attacker to bypass security restrictions, caused by improper authentication validation. By sending a specially crafted request, an attacker could exploit this vulnerability to access and edit device configuration.
CVE-2024-39872 CVSS:9.6
Siemens SINEMA Remote Connect Server could allow a remote authenticated attacker to gain elevated privileges on the system, caused by the improper assignment of rights to temporary files during update. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges at the underlying OS level.
CVE-2024-39866 CVSS:8.8
Siemens SINEMA Remote Connect Server could allow a remote authenticated attacker to bypass security restrictions, caused by improper privilege management. By uploading a specially crafted back file, an attacker could exploit this vulnerability to create a user with administrative privileges.
CVE-2024-32056 CVSS:7.8
Siemens Simcenter Femap could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write flaw. By persuading a victim to open a specially crafted IGS part file, an attacker could exploit this vulnerability to execute arbitrary code in the context of the current process.
CVE-2024-33653 CVSS:7.8
Siemens Simcenter Femap could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds read flaw. By persuading a victim to open a specially crafted BMP file, an attacker could exploit this vulnerability to execute arbitrary code in the context of the current process.
CVE-2024-39865 CVSS:8.8
Siemens SINEMA Remote Connect Server could allow a remote authenticated attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious file, which could allow the attacker to execute arbitrary code on the vulnerable system.
CVE-2024-39874 CVSS:7.5
Siemens SINEMA Remote Connect Server could allow a remote attacker to obtain sensitive information, caused by a failure to properly implement brute force protection against user credentials in its Client Communication component. By utilizing brute force attack techniques, an attacker could exploit this vulnerability to obtain credential information, and use this information to launch further attacks against the affected system.
CVE-2024-39888 CVSS:7.5
Siemens Mendix Encryption could allow a remote attacker to obtain sensitive information, caused by the use of a hard-coded default value for the EncryptionKey constant. By utilizing cryptographic attack techniques, an attacker could exploit this vulnerability to obtain project data information, and use this information to launch further attacks against the affected system.
CVE-2024-39873 CVSS:7.5
Siemens SINEMA Remote Connect Server could allow a remote attacker to obtain sensitive information, caused by a failure to properly implement brute force protection against user credentials in its web API. By utilizing brute force attack techniques, an attacker could exploit this vulnerability to obtain credential information, and use this information to launch further attacks against the affected system.
CVE-2024-39675 CVSS:8.8
Siemens RUGGEDCOM ROS could allow a remote attacker to obtain sensitive information, caused by the Modbus service being incorrectly enabled in some configurations. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain system information, and use this information to launch further attacks against the affected system.
Impact
- Security Bypass
- Gain Access
- Information Disclosure
Indicators of Compromise
CVE
- CVE-2024-39868
- CVE-2024-39569
- CVE-2024-39867
- CVE-2024-39872
- CVE-2024-39866
- CVE-2024-32056
- CVE-2024-33653
- CVE-2024-39865
- CVE-2024-39874
- CVE-2024-39888
- CVE-2024-39873
- CVE-2024-39675
Affected Vendors
Affected Products
- Siemens Simcenter Femap
- Siemens SINEMA Remote Connect Client
- Siemens SINEMA Remote Connect Server 3.2
- Siemens Mendix Encryption V10.0.0
- Siemens RUGGEDCOM i800 0
- Siemens RUGGEDCOM i800NC 0
- Siemens RUGGEDCOM i801 0
- Siemens RUGGEDCOM i801NC 0
Remediation
Refer to Siemens Security Advisory for patch, upgrade or suggested workaround information.