SSA-332410 — Vulnetix

SSA-332410 PUBLISHED CVSS 9.800000190734863 CRITICAL

Siemens has released a new version for SINEC INS that fixes multiple vulnerabilities that could allow an attacker to read and write arbitrary files from the file system of the affected component and to ultimately execute arbitrary code on the device. In addition, this version also contains fixes for multiple vulnerabilities in underlying third party components. Siemens has released an update for SINEC INS and recommends to update to the latest version.

Risk Scores

CVSS v3.1

9.800000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Affected Products

Vendor	Product	Versions
	SINEC INS

Timeline

CVE Published

References

https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf advisory
https://cert-portal.siemens.com/productcert/txt/ssa-332410.txt advisory
https://cert-portal.siemens.com/productcert/csaf/ssa-332410.json advisory
https://support.industry.siemens.com/cs/ww/en/view/109815432/ fix

Open in Interactive Console →