CVE-2026-46749
SINEC INS before V1.0 SP2 Update 6 is affected by multiple vulnerabilities. Siemens has released a new version for SINEC INS and recommends to update to the latest version. The following versions of Siemens SINEC INS are affected: SINEC INS vers:intdot/ CVSS Vendor Equipment Vulnerabilities v3 8.8 Siemens Siemens SINEC INS Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Path Traversal: '/dir/../filename', Execution with Unnecessary Privileges, Use of a One-Way Hash with a Predictable Salt Background Critical Infrastructure Sectors: Critical Manufacturing, Transportation Systems, Energy, Healthcare and Public Health, Financial Services, Government Services and Facilities Countries/Areas Deployed: Worldwide Company Headquarters Location: Germany
EPSS 0.12% · 2.2th percentile
Risk Scores
Timeline
- Jun 9, 2026 CVE Published
- Jun 9, 2026 CVE Updated
- Jun 10, 2026 Coalition ESS Score
- Jun 23, 2026 EPSS Score
References
- https://www.cisa.gov/news-events/ics-advisories/icsa-26-174-04 advisory
- https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-174-04.json advisory
- https://www.cve.org/CVERecord?id=CVE-2026-46746 technical
- https://support.industry.siemens.com/cs/ww/en/view/110002283/ vendor
- https://cwe.mitre.org/data/definitions/78.html technical
- https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H technical
- https://www.cve.org/CVERecord?id=CVE-2026-46747 technical
- https://cwe.mitre.org/data/definitions/26.html technical
- https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N technical
- https://www.cve.org/CVERecord?id=CVE-2026-46748 technical
- https://cwe.mitre.org/data/definitions/250.html technical
- https://www.cve.org/CVERecord?id=CVE-2026-46749 technical
- https://cwe.mitre.org/data/definitions/760.html technical
- https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H technical