Full Report
SINEMA Remote Connect Client before V3.1 SP1 is affected by an information disclosure vulnerability. Siemens has released updates for the affected products and recommends updating to the latest versions.
Analysis Summary
# Vulnerability: Information Disclosure in SINEMA Remote Connect Client
## CVE Details
- **CVE ID:** CVE-2024-22045
- **CVSS Score:** 7.6 (High) - CVSS v3.1 / 6.1 (Medium) - CVSS v4.0
- **CWE:** CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory
## Affected Systems
- **Products:** SINEMA Remote Connect Client
- **Versions:** All versions prior to V3.1 SP1
- **Configurations:** Systems where logs are accessible to users or viewed via the product's web interface.
## Vulnerability Description
The SINEMA Remote Connect Client improperly handles sensitive data by recording it into log files/directories or displaying it via the web interface. These locations are accessible to actors who may have legitimate access to the files or the interface, but who should not have authorization to view the sensitive credentials or configuration data contained within them.
## Exploitation
- **Status:** Not exploited (No reports of active exploitation in the wild; PoC not public at time of advisory).
- **Complexity:** Low
- **Attack Vector:** Network (Information can be accessed via the web interface).
## Impact
- **Confidentiality:** High (Sensitive information, such as VPN credentials, may be exposed).
- **Integrity:** Low (Modified impact score based on potential secondary use of disclosed info).
- **Availability:** None
## Remediation
### Patches
- **Update to SINEMA Remote Connect Client V3.1 SP1** or a later version.
- Download link for the update: hxxps[://]support[.]industry[.]siemens[.]com/cs/ww/en/view/109817939/
### Workarounds
The advisory emphasizes that updating is the primary remediation. To fully mitigate the risk after updating, administrators must perform the following manual steps:
1. **Clear Logs:** Back up and clear existing log files to remove previously recorded sensitive information.
2. **Rotate Credentials:** Change VPN credentials (passwords/keys) that may have been compromised by exposure in historical logs.
## Detection
- **Indicators of Compromise:** Unusual access patterns to log directories or unauthorized logins using VPN credentials associated with the client.
- **Detection methods:** Audit file system permissions for log directories and review web server access logs for the SINEMA Remote Connect Client interface.
## References
- **Siemens Security Advisory:** hxxps[://]cert-portal[.]siemens[.]com/productcert/html/ssa-653855[.]html
- **Siemens Industrial Security Guidelines:** hxxps[://]www[.]siemens[.]com/cert/operational-guidelines-industrial-security