A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly sanitize user provided paths for SFTP-based file up- and downloads. This could allow an authenticated remote attacker to manipulate arbitrary files on the filesystem and achieve arbitrary code execution on the device.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XSiemens Sinec Ins
APPSiemens1.0< 1.0
Related vulnerabilities
Command injection w Siemens SINEC INS – wykonanie kodu na systemie operacyjnym
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticated remote a...
A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() ...
When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep...
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can ...