CVE-2024-46894
PUBLISHED
CVSS 6.3 MEDIUM
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly validate authorization of a user to query the "/api/sftp/users" endpoint. This could allow an authenticated remote attacker to gain knowledge about the list of configured users of the SFTP service and also modify that configuration.
EPSS 0.24% · 47.2th percentile
Risk Scores
CVSS 3.1
6.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
EPSS Score
0.24%
47.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | SINEC INS | 0 |
| siemens | sinec_ins | 0 |
| siemens | sinec_ins | 1.0, 1.0, 1.0 |
Exploit Intelligence
- CIRCL seen: CVE-2024-46894 (circl-sighting)
- https://cert-portal.siemens.com/productcert/html/ssa-915275.html (circl)
Timeline
- Nov 12, 2024 Coalition ESS Score
- Nov 12, 2024 CVE Published
- Nov 12, 2024 PoC Published
- Nov 13, 2024 EPSS Score
- Nov 14, 2024 PoC Published
- Dec 2, 2024 EPSS Score
- Dec 19, 2024 EPSS Score
- Jan 6, 2025 EPSS Score
- Jan 24, 2025 EPSS Score
- Feb 10, 2025 EPSS Score