CPE-15887B3A-CF68-463B-AF95-07A03A42081C Detail

CPE Details

Siemens SINEC INS 1.0 Service Pack 2 Update 2

Vendor

siemens

Product

sinec_ins

Version

1.0

Created

2024-12-27
14h55 +00:00

Modified

2024-12-27
14h55 +00:00

Official links

CPE NVD

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Notifications manage

List of Notifications

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

CPE ID

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

CPE Name: cpe:2.3:a:siemens:sinec_ins:1.0:sp2_update_2::::::

Informations

Vendor

siemens

Product

sinec_ins

Version

1.0

Update

sp2_update_2

Related CVE

Open and find in CVE List

CVE ID	Published	Description	Score	Severity
CVE-2024-46892	2024-11-12 12h49 +00:00	A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly invalidate sessions when the associated user is deleted or disabled or their permissions are modified. This could allow an authenticated attacker to continue performing malicious actions even after their user account has been disabled.	6.9	Medium
CVE-2024-46890	2024-11-12 12h49 +00:00	A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly validate input sent to specific endpoints of its web API. This could allow an authenticated remote attacker with high privileges on the application to execute arbitrary code on the underlying OS.	9.4	Critical
CVE-2024-46889	2024-11-12 12h49 +00:00	A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application uses hard-coded cryptographic key material to obfuscate configuration files. This could allow an attacker to learn that cryptographic key material through reverse engineering of the application binary and decrypt arbitrary backup files.	6.9	Medium
CVE-2024-46888	2024-11-12 12h49 +00:00	A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly sanitize user provided paths for SFTP-based file up- and downloads. This could allow an authenticated remote attacker to manipulate arbitrary files on the filesystem and achieve arbitrary code execution on the device.	9.4	Critical
CVE-2021-22945	2021-09-22 22h00 +00:00	When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it again.	9.1	Critical

Siemens SINEC INS 1.0 Service Pack 2 Update 2

CPE Details

CPE Name: cpe:2.3:a:siemens:sinec_ins:1.0:sp2_update_2:*:*:*:*:*:*

Informations

Vendor

Product

Version

Update

Related CVE

CPE Name: cpe:2.3:a:siemens:sinec_ins:1.0:sp2_update_2::::::