Siemens Sinec Ins
14 CVEs affecting Siemens Sinec Ins. Latest disclosed: 2024-11-12. Critical: 3, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-46888 | Critical | 9.9 | 2024-11-12 | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly sanitize user provided paths fo… |
CVE-2022-45092 | Critical | 9.9 | 2023-01-10 | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticated remote attacker with access to the Web Based Management (… |
CVE-2024-46890 | Critical | 9.1 | 2024-11-12 | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly validate input sent to specific… |
CVE-2022-45093 | High | 8.5 | 2023-01-10 | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticated remote attacker with access to the Web Based Management (… |
CVE-2022-45094 | High | 8.4 | 2023-01-10 | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticated remote attacker with access to the Web Based Management (… |
CVE-2023-48427 | High | 8.1 | 2023-12-12 | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). Affected products do not properly validate the certificate of the configur… |
CVE-2023-48428 | High | 7.2 | 2023-12-12 | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The radius configuration mechanism of affected products does not correctly… |
CVE-2023-48431 | Medium | 6.8 | 2023-12-12 | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). Affected software does not correctly validate the response received by an… |
CVE-2024-46894 | Medium | 6.3 | 2024-11-12 | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly validate authorization of a use… |
CVE-2024-46891 | Medium | 5.3 | 2024-11-12 | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly restrict the size of generated… |
CVE-2024-46889 | Medium | 5.3 | 2024-11-12 | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application uses hard-coded cryptographic key material to obf… |
CVE-2024-46892 | Medium | 4.9 | 2024-11-12 | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly invalidate sessions when the as… |
CVE-2023-48430 | Low | 2.7 | 2023-12-12 | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The REST API of affected devices does not check the length of parameters i… |
CVE-2023-48429 | Low | 2.7 | 2023-12-12 | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The Web UI of affected devices does not check the length of parameters in… |