CVE-2024-46892

CWE-613 — Insufficient Session Expiration3 documents3 sources

Severity

6.9MEDIUM

EPSS

0.1%

top 65.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Sinec INS

Timeline

PublishedNov 12

Description

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly invalidate sessions when the associated user is deleted or disabled or their permissions are modified. This could allow an authenticated attacker to continue performing malicious actions even after their user account has been disabled.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5siemens/sinec_ins< V1.0 SP2 Update 3

▶NVDsiemens/sinec_ins< 1.0+1

🔴Vulnerability Details

GHSA

GHSA-76f5-r74w-9h63: A vulnerability has been identified in SINEC INS (All versions < V1↗2024-11-12

▶

CVEList

CVE-2024-46892: A vulnerability has been identified in SINEC INS (All versions < V1↗2024-11-12

▶