CRITICAL🇵🇱 Wersja polska

CVE-2024-46888

CVSS 9.4v4.0pub. 2024-11-12upd. 2024-11-13

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly sanitize user provided paths for SFTP-based file up- and downloads. This could allow an authenticated remote attacker to manipulate arbitrary files on the filesystem and achieve arbitrary code execution on the device.

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Siemens Sinec Ins

    APP
    Siemens
    1.0< 1.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEPath Traversal
CWE
References

Related vulnerabilities

CVE-2024-46890CRITICAL9.4PL ✓ten sam produkt

Command injection w Siemens SINEC INS – wykonanie kodu na systemie operacyjnym

CVE-2022-45092CRITICAL9.9ten sam produkt

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticated remote a...

CVE-2022-35255CRITICAL9.1ten sam produkt

A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() ...

CVE-2021-22945CRITICAL9.1ten sam produkt

When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep...

CVE-2023-44487HIGH7.5⚠ KEVten sam produkt

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can ...