VDB
CVE-2024-46890
CVE-2024-46890
PUBLISHED
CVSS 9.100000381469727 CRITICAL
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly validate input sent to specific endpoints of its web API. This could allow an authenticated remote attacker with high privileges on the application to execute arbitrary code on the underlying OS.
EPSS 2.24% · 84.9th percentile
Risk Scores
CVSS 3.1
9.100000381469727
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
EPSS Score
2.24%
84.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| siemens | sinec_ins | 1.0, 1.0, 1.0 |
| Siemens | SINEC INS | 0 |
| seimens | sinec_ins | 0 |
Exploit Intelligence
- CIRCL seen: CVE-2024-46890 (circl-sighting)
- CIRCL seen: CVE-2024-46890 (circl-sighting)
- CIRCL seen: CVE-2024-46890 (circl-sighting)
- https://cert-portal.siemens.com/productcert/html/ssa-915275.html (circl)
Timeline
- Nov 12, 2024 Coalition ESS Score
- Nov 12, 2024 CVE Published
- Nov 12, 2024 PoC Published
- Nov 12, 2024 PoC Published
- Nov 13, 2024 EPSS Score
- Nov 13, 2024 Coalition ESS Score
- Nov 14, 2024 Coalition ESS Score
- Nov 14, 2024 PoC Published
- Dec 2, 2024 EPSS Score
- Jan 6, 2025 EPSS Score
- Jan 24, 2025 EPSS Score
- Feb 10, 2025 EPSS Score