Siemens Sinec_ins
42 CVEs affecting Siemens Sinec_ins. Latest disclosed: 2026-06-09. Critical: 5, High: 15.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-46888 | Critical | 9.9 | 2024-11-12 | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly sanitize user provided paths fo… |
CVE-2022-45092 | Critical | 9.9 | 2023-01-10 | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticated remote attacker with access to the Web Based Management (… |
CVE-2024-46890 | Critical | 9.1 | 2024-11-12 | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly validate input sent to specific… |
CVE-2022-35255 | Critical | 9.1 | 2022-12-05 | A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/c… |
CVE-2021-22945 | Critical | 9.1 | 2021-09-23 | When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and bo… |
CVE-2026-46748 | High | 8.8 | 2026-06-09 | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected system includes a binary that is configured with the cap_dac_… |
CVE-2026-46746 | High | 8.8 | 2026-06-09 | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The application does not properly sanitize user input in the /api/sftp/upl… |
CVE-2022-45093 | High | 8.5 | 2023-01-10 | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticated remote attacker with access to the Web Based Management (… |
CVE-2022-45094 | High | 8.4 | 2023-01-10 | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticated remote attacker with access to the Web Based Management (… |
CVE-2023-48427 | High | 8.1 | 2023-12-12 | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). Affected products do not properly validate the certificate of the configur… |
CVE-2022-32212 | High | 8.1 | 2022-07-14 | A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypas… |
CVE-2020-12762 | High | 7.8 | 2020-05-09 | json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend. |
CVE-2026-46749 | High | 7.5 | 2026-06-09 | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected application uses a password hashing implementation with a sta… |
CVE-2023-44487 | High | 7.5 | 2023-10-10 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the w… |
CVE-2021-3749 | High | 7.5 | 2021-08-31 | axios is vulnerable to Inefficient Regular Expression Complexity |
CVE-2020-7793 | High | 7.5 | 2020-12-11 | The package ua-parser-js before 0.7.23 are vulnerable to Regular Expression Denial of Service (ReDoS) in multiple regexes (see linked commit for more info). |
CVE-2021-25217 | High | 7.4 | 2021-05-26 | In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3… |
CVE-2022-2068 | High | 7.3 | 2022-06-21 | In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise she… |
CVE-2023-48428 | High | 7.2 | 2023-12-12 | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The radius configuration mechanism of affected products does not correctly… |
CVE-2021-23337 | High | 7.2 | 2021-02-15 | Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function. |