VDB

CVE-2024-46889

CVE-2024-46889 PUBLISHED CVSS 5.300000190734863 MEDIUM

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application uses hard-coded cryptographic key material to obfuscate configuration files. This could allow an attacker to learn that cryptographic key material through reverse engineering of the application binary and decrypt arbitrary backup files.

EPSS 0.41% · 61.8th percentile

Risk Scores

CVSS v3.1
5.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
EPSS Score
0.41%
61.8th percentile

Affected Products

VendorProductVersions
SiemensSINEC INS0
siemenssinec_ins0, 1.0, 1.0
seimenssinec_ins0

Timeline

  • Nov 12, 2024 Coalition ESS Score
  • Nov 12, 2024 CVE Published
  • Nov 12, 2024 PoC Published
  • Nov 12, 2024 PoC Published
  • Nov 13, 2024 EPSS Score
  • Nov 13, 2024 Coalition ESS Score
  • Nov 13, 2024 CVE Updated
  • Nov 14, 2024 PoC Published
  • Dec 2, 2024 EPSS Score
  • Dec 19, 2024 EPSS Score
  • Jan 6, 2025 EPSS Score
  • Jan 23, 2025 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›