cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-46894,https://securityvulnerability.io/vulnerability/CVE-2024-46894,Remotely exploitable vulnerability in SINEC INS allows attackers to access sensitive SFTP user config,"A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly validate authorization of a user to query the ""/api/sftp/users"" endpoint. This could allow an authenticated remote attacker to gain knowledge about the list of configured users of the SFTP service and also modify that configuration.",Siemens,Sinec Ins,6.3,MEDIUM,0.0004400000034365803,false,,false,false,false,,false,false,2024-11-12T12:49:45.831Z,0
CVE-2024-46892,https://securityvulnerability.io/vulnerability/CVE-2024-46892,Vulnerability in SINEC INS Could Allow Continued Malicious Actions After User Disabling,"A session management flaw has been identified in SINEC INS, where the application fails to properly invalidate user sessions when an associated user account is deleted, disabled, or when their permissions are modified. This vulnerability poses a risk as it enables an authenticated attacker to perform malicious activities even after their account has been rendered inactive. Effective remediation is critical to mitigate potential security breaches that could result from this oversight.",Siemens,Sinec Ins,8.1,HIGH,0.0004900000058114529,false,,false,false,false,,false,false,2024-11-12T12:49:44.470Z,0
CVE-2024-46891,https://securityvulnerability.io/vulnerability/CVE-2024-46891,Unauthenticated Remote Attack Could Trigger Denial of Service Condition Through Exhaustion of System Resources,A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly restrict the size of generated log files. This could allow an unauthenticated remote attacker to trigger a large amount of logged events to exhaust the system's resources and create a denial of service condition.,Siemens,Sinec Ins,5.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,2024-11-12T12:49:43.155Z,0
CVE-2024-46890,https://securityvulnerability.io/vulnerability/CVE-2024-46890,Invalid Input Validation in SINEC INS Leads to Arbitrary Code Execution,"A significant vulnerability in SINEC INS, specifically in all versions prior to V1.0 SP2 Update 3, arises from inadequate validation of user input targeting specific endpoints of its web API. This flaw enables an authenticated remote attacker with elevated privileges to potentially execute arbitrary code on the affected operating system. The lack of proper input validation increases the risk of exploitation, thereby highlighting the need for prompt updates and enhanced security measures.",Siemens,Sinec Ins,9.1,CRITICAL,0.0005099999834783375,false,,false,false,false,,false,false,2024-11-12T12:49:41.829Z,0
CVE-2024-46889,https://securityvulnerability.io/vulnerability/CVE-2024-46889,SINEC INS Vulnerability: Hard-Coded Cryptographic Key Material Exposes Configuration Files,A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application uses hard-coded cryptographic key material to obfuscate configuration files. This could allow an attacker to learn that cryptographic key material through reverse engineering of the application binary and decrypt arbitrary backup files.,Siemens,Sinec Ins,5.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,2024-11-12T12:49:40.474Z,0
CVE-2024-46888,https://securityvulnerability.io/vulnerability/CVE-2024-46888,Arbitrary File Manipulation and Code Execution Vulnerability,"A vulnerability exists in the SINEC INS application that affects versions prior to V1.0 SP2 Update 3, which fails to properly sanitize user-provided path inputs during SFTP file uploads and downloads. This flaw enables authenticated remote attackers to manipulate arbitrary files on the system, potentially leading to unauthorized code execution. Organizations utilizing SINEC INS should evaluate their current version and apply necessary security updates to mitigate this significant risk.",Siemens,Sinec Ins,9.9,CRITICAL,0.0004900000058114529,false,,false,false,false,,false,false,2024-11-12T12:49:39.127Z,0
CVE-2023-48429,https://securityvulnerability.io/vulnerability/CVE-2023-48429,Parameter Length Validation Flaw in SINEC INS by Siemens,"A security flaw in the SINEC INS product allows unauthorized users to manipulate the Web UI by exploiting improper parameter length checks. When crafted requests are sent to the server, it can lead to server crashes followed by automatic restarts, potentially disrupting service availability and impacting critical operations.",Siemens,SINEC INS,2.7,LOW,0.0004299999854993075,false,,false,false,false,,false,false,2023-12-12T12:15:00.000Z,0
CVE-2023-48427,https://securityvulnerability.io/vulnerability/CVE-2023-48427,SINEC INS Vulnerability in Siemens Products,"A vulnerability exists in SINEC INS versions prior to V1.0 SP2 Update 2, where the application fails to correctly validate the certificate of the configured UMC server. This flaw can be exploited by attackers to intercept sensitive credentials transmitted to the UMC server and manipulate server responses. Such exploitation may lead to unauthorized privilege escalation, thereby raising security concerns for the affected users.",Siemens,SINEC INS,8.1,HIGH,0.0010000000474974513,false,,false,false,false,,false,false,2023-12-12T12:15:00.000Z,0
CVE-2023-48431,https://securityvulnerability.io/vulnerability/CVE-2023-48431,Vulnerability in SINEC INS Software by Siemens,"A vulnerability exists in SINEC INS software where it fails to properly validate responses from a UMC server. An attacker can exploit this flaw by setting up a malicious UMC server or manipulating the traffic from a legitimate server, potentially leading to system crashes and other disruptions. Immediate updates to version V1.0 SP2 Update 2 or later are recommended to mitigate this issue.",Siemens,SINEC INS,6.8,MEDIUM,0.0007800000021234155,false,,false,false,false,,false,false,2023-12-12T12:15:00.000Z,0
CVE-2023-48430,https://securityvulnerability.io/vulnerability/CVE-2023-48430,Parameter Length Validation Issue in SINEC INS by Siemens,"A vulnerability has been identified in SINEC INS, where the REST API does not sufficiently validate the length of parameters under certain conditions. This oversight enables a malicious administrator to exploit the flaw by sending specifically crafted requests to the API. As a result, the server may crash and automatically restart, potentially leading to service interruptions and exposing the system to further attacks.",Siemens,SINEC INS,2.7,LOW,0.0006500000017695129,false,,false,false,false,,false,false,2023-12-12T12:15:00.000Z,0
CVE-2023-48428,https://securityvulnerability.io/vulnerability/CVE-2023-48428,Denial of Service and Command Execution in SINEC INS by Siemens,"A security flaw has been discovered in SINEC INS, where the radius configuration mechanism inadequately verifies uploaded certificates. This oversight enables a malicious administrator to upload a specially crafted certificate, which may lead to a denial-of-service condition or potentially execute unauthorized commands at the system level. Such a vulnerability poses serious risks to the operational integrity and security of affected systems.",Siemens,SINEC INS,7.2,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2023-12-12T12:15:00.000Z,0
CVE-2022-45094,https://securityvulnerability.io/vulnerability/CVE-2022-45094,Command Injection Vulnerability in SINEC INS by Siemens,"A command injection vulnerability has been detected in SINEC INS, specifically in all versions prior to V1.0 SP2 Update 1. An authenticated remote attacker with access to the Web Based Management interface on port 443 could exploit this vulnerability to inject malicious commands into the DHCP configuration. If successfully exploited, this could lead to unauthorized execution of commands on the affected system, posing a significant risk to network security and integrity.",Siemens,Sinec Ins,8.4,HIGH,0.002739999908953905,false,,false,false,false,,false,false,2023-01-10T11:39:44.116Z,0
CVE-2022-45093,https://securityvulnerability.io/vulnerability/CVE-2022-45093,Remote Code Execution Vulnerability in SINEC INS by Siemens,"A vulnerability has been discovered in the SINEC INS product line by Siemens, affecting all versions prior to V1.0 SP2 Update 1. This flaw allows an authenticated remote attacker to exploit the Web Based Management interface (port 443) and the SFTP server (port 22) to read and manipulate arbitrary files on the device’s file system. If exploited, this could lead to the execution of arbitrary code on the affected system, posing a significant threat to security and operational integrity.",Siemens,Sinec Ins,8.5,HIGH,0.002689999993890524,false,,false,false,false,,false,false,2023-01-10T11:39:43.047Z,0
CVE-2022-45092,https://securityvulnerability.io/vulnerability/CVE-2022-45092,Remote Code Execution Vulnerability in SINEC INS by Siemens,"A vulnerability in SINEC INS allows authenticated remote attackers to access the Web Based Management interface (port 443/tcp). This access enables them to read and write arbitrary files within the device's file system, potentially allowing the execution of arbitrary code. Organizations utilizing affected versions should implement immediate security measures to mitigate risks.",Siemens,Sinec Ins,9.9,CRITICAL,0.002689999993890524,false,,false,false,false,,false,false,2023-01-10T11:39:41.994Z,0