Siemens Sinec Ins vulnerabilities

CVE-2024-46888 [CRITICAL] CWE-22 CVE-2024-46888: A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected ap A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly sanitize user provided paths for SFTP-based file up- and downloads. This could allow an authenticated remote attacker to manipulate arbitrary files on the filesystem and achieve arbitrary code execution on the device.

CVE-2024-46890 [CRITICAL] CWE-78 CVE-2024-46890: A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected ap A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly validate input sent to specific endpoints of its web API. This could allow an authenticated remote attacker with high privileges on the application to execute arbitrary code on the underlying OS.

CVE-2024-46889 [MEDIUM] CWE-321 CVE-2024-46889: A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected ap A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application uses hard-coded cryptographic key material to obfuscate configuration files. This could allow an attacker to learn that cryptographic key material through reverse engineering of the application binary and decrypt arbitrary backup files.

CVE-2024-46891 [MEDIUM] CWE-400 CVE-2024-46891: A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected ap A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly restrict the size of generated log files. This could allow an unauthenticated remote attacker to trigger a large amount of logged events to exhaust the system's resources and create a denial of service condition.

CVE-2024-46892 [MEDIUM] CWE-613 CVE-2024-46892: A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected ap A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly invalidate sessions when the associated user is deleted or disabled or their permissions are modified. This could allow an authenticated attacker to continue performing malicious actions even after their user account has be

CVE-2024-46894 [MEDIUM] CWE-200 CVE-2024-46894: A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected ap A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly validate authorization of a user to query the "/api/sftp/users" endpoint. This could allow an authenticated remote attacker to gain knowledge about the list of configured users of the SFTP service and also modify that confi

CVE-2023-48427 [HIGH] CWE-295 CVE-2023-48427: A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). Affected produc A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). Affected products do not properly validate the certificate of the configured UMC server. This could allow an attacker to intercept credentials that are sent to the UMC server as well as to manipulate responses, potentially allowing an attacker to escalate privileges.

CVE-2023-48431 [MEDIUM] CVE-2023-48431: A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). Affected softwa A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). Affected software does not correctly validate the response received by an UMC server. An attacker can use this to crash the affected software by providing and configuring a malicious UMC server or by manipulating the traffic from a legitimate UMC server (i.e. leveraging CVE

CVE-2023-48428 [HIGH] CWE-78 CVE-2023-48428: A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The radius conf A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The radius configuration mechanism of affected products does not correctly check uploaded certificates. A malicious admin could upload a crafted certificate resulting in a denial-of-service condition or potentially issue commands on system level.

CVE-2023-48430 [LOW] CWE-392 CVE-2023-48430: A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The REST API of A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The REST API of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sending a crafted request to the API. The server will automatically restart.

CVE-2023-48429 [LOW] CWE-394 CVE-2023-48429: A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The Web UI of a A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The Web UI of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sending a crafted request to the server. The server will automatically restart.

CVE-2022-45094 [HIGH] CWE-77 CVE-2022-45094: A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticate A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticated remote attacker with access to the Web Based Management (443/tcp) of the affected product, could potentially inject commands into the dhcpd configuration of the affected product. An attacker might leverage this to trigger remote code execution on the a

CVE-2022-45092 [CRITICAL] CWE-22 CVE-2022-45092: A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticate A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticated remote attacker with access to the Web Based Management (443/tcp) of the affected product, could potentially read and write arbitrary files from and to the device's file system. An attacker might leverage this to trigger remote code execution on th

CVE-2022-45093 [HIGH] CWE-22 CVE-2022-45093: A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticate A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticated remote attacker with access to the Web Based Management (443/tcp) of the affected product as well as with access to the SFTP server of the affected product (22/tcp), could potentially read and write arbitrary files from and to the device's file system.

CVE-2022-35255 [CRITICAL] CWE-338 CVE-2022-35255: A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with Entrop A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. There are two problems with this: 1) It does not check the return value, it assumes EntropySource() always succeeds, but it can (and sometimes will) fail. 2) The random data

CVE-2022-35256 [MEDIUM] CWE-444 CVE-2022-35256: The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that ar The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.

CVE-2022-32212 [HIGH] CWE-284 CVE-2022-32212: A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to a A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.

CVE-2022-32215 [MEDIUM] CWE-444 CVE-2022-32215: The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS).

CVE-2022-32222 [MEDIUM] CWE-310 CVE-2022-32222: A cryptographic vulnerability exists on Node.js on linux in versions of 18.x prior to 18.40.0 which A cryptographic vulnerability exists on Node.js on linux in versions of 18.x prior to 18.40.0 which allowed a default path for openssl.cnf that might be accessible under some circumstances to a non-admin user instead of /etc/ssl as was the case in versions prior to the upgrade to OpenSSL 3.

CVE-2022-32213 [MEDIUM] CWE-444 CVE-2022-32213: The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS).