VDB

CVE-2024-47563

CVE-2024-47563 PUBLISHED CVSS 5.300000190734863 MEDIUM

A vulnerability has been identified in Siemens SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly validate a file path that is supplied to an endpoint intended to create CSR files. This could allow an unauthenticated remote attacker to create files in writable directories outside the intended location and thus compromise integrity of files in those writable directories.

EPSS 0.22% · 44.7th percentile

Risk Scores

CVSS v3.1
5.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
EPSS Score
0.22%
44.7th percentile

Affected Products

VendorProductVersions
siemenssinec_security_monitor0, 0, 0
siemenssinec_security_monitor0, 0, 0
SiemensSINEC Security Monitor0, 0, 0

Timeline

  • Oct 8, 2024 CVE Published
  • Oct 8, 2024 PoC Published
  • Oct 9, 2024 EPSS Score
  • Oct 10, 2024 PoC Published
  • Oct 14, 2024 Coalition ESS Score
  • Oct 28, 2024 EPSS Score
  • Nov 16, 2024 EPSS Score
  • Dec 5, 2024 EPSS Score
  • Dec 24, 2024 EPSS Score
  • Jan 12, 2025 EPSS Score
  • Jan 31, 2025 EPSS Score
  • Feb 19, 2025 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›