CVE-2024-46892
PUBLISHED
CVSS 4.9 MEDIUM
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly invalidate sessions when the associated user is deleted or disabled or their permissions are modified. This could allow an authenticated attacker to continue performing malicious actions even after their user account has been disabled.
EPSS 0.14% · 34.7th percentile
Risk Scores
- CVSS 3.1: 4.9 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C)
- EPSS Score: 0.14% (34.7th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | SINEC INS | 0 |
| siemens | sinec_ins | 0, 1.0, 1.0 |
Exploit Intelligence
- CIRCL seen: CVE-2024-46892 (circl-sighting)
- https://cert-portal.siemens.com/productcert/html/ssa-915275.html (circl)
Timeline
- Nov 12, 2024 Coalition ESS Score
- Nov 12, 2024 CVE Published
- Nov 12, 2024 PoC Published
- Nov 12, 2024 PoC Published
- Nov 13, 2024 EPSS Score
- Nov 13, 2024 CVE Updated
- Nov 14, 2024 Coalition ESS Score
- Nov 14, 2024 PoC Published
- Dec 2, 2024 EPSS Score
- Dec 19, 2024 EPSS Score
- Jan 6, 2025 EPSS Score
- Jan 24, 2025 EPSS Score