CVE-2024-46890

CWE-78 — OS Command Injection3 documents3 sources

Severity

9.4CRITICAL

EPSS

2.2%

top 15.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Sinec INS

Timeline

PublishedNov 12

Description

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly validate input sent to specific endpoints of its web API. This could allow an authenticated remote attacker with high privileges on the application to execute arbitrary code on the underlying OS.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Affected Packages2 packages

▶CVEListV5siemens/sinec_ins< V1.0 SP2 Update 3

▶NVDsiemens/sinec_ins< 1.0+1

🔴Vulnerability Details

GHSA

GHSA-gh66-hfff-5mf9: A vulnerability has been identified in SINEC INS (All versions < V1↗2024-11-12

▶

CVEList

CVE-2024-46890: A vulnerability has been identified in SINEC INS (All versions < V1↗2024-11-12

▶