A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The REST API of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sending a crafted request to the API. The server will automatically restart.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:LSiemens Sinec Ins
APPSiemens1.0< 1.0
Related vulnerabilities
Path Traversal w SINEC INS umożliwia RCE przez SFTP
Command injection w Siemens SINEC INS – wykonanie kodu na systemie operacyjnym
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticated remote a...
A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() ...
When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep...