VDB
ICSA-22-258-05
ICSA-22-258-05
PUBLISHED
CVSS 7.5 HIGH
Multiple vulnerabilities affecting various third-party components of SINEC INS before V1.0 SP2 could allow an attacker to cause a denial of service condition, disclose sensitive data or violate the system integrity. Siemens has released an update for the SINEC INS and recommends to update to the latest version.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SINEC INS |
Timeline
- Sep 13, 2022 CVE Published
References
- https://cert-portal.siemens.com/productcert/csaf/ssa-637483.json advisory
- https://cert-portal.siemens.com/productcert/txt/ssa-637483.txt advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf advisory
- https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2022/icsa-22-258-05.json advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-22-258-05 advisory
- https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01 url
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices url
- https://www.cisa.gov/topics/industrial-control-systems url
- https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf url
- https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf url
- https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B url
- https://support.industry.siemens.com/cs/ww/en/view/109812610/ fix