CVE-2024-32006

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Sep 10, 2024
CWE ID 613

Summary

CVE-2024-32006 affects all versions of the SINEMA Remote Connect Client prior to V3.2 SP2. User sessions are not terminated on reboot unless the user explicitly logs out, which could allow an attacker to circumvent Multi-Factor Authentication. The base severity is medium, with an exploitability score of 2.8: exploitation requires low privileges, has low attack complexity, and needs no user interaction. Organizations using this software are at risk of unauthorized access due to this session management flaw. To remediate the issue, update to version V3.2 SP2 or later, as recommended by the vendor. Further details on the vulnerability can be found in the Siemens product certification documentation.
