CVE-2024-46891

CWE-400 — Uncontrolled Resource Consumption CWE-125 — Out-of-bounds Read3 documents3 sources

Severity

6.9MEDIUM

EPSS

1.1%

top 22.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Sinec INS

Timeline

PublishedNov 12

Description

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly restrict the size of generated log files. This could allow an unauthenticated remote attacker to trigger a large amount of logged events to exhaust the system's resources and create a denial of service condition.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5siemens/sinec_ins< V1.0 SP2 Update 3

▶NVDsiemens/sinec_ins1.0+1

🔴Vulnerability Details

GHSA

GHSA-775q-3335-qhjr: A vulnerability has been identified in SINEC INS (All versions < V1↗2024-11-12

▶

CVEList

CVE-2024-46891: A vulnerability has been identified in SINEC INS (All versions < V1↗2024-11-12

▶