ID

VAR-202411-0476


CVE

CVE-2024-46892


TITLE

Session expiration vulnerability in Siemens' SINEC INS

Trust: 0.8

sources: JVNDB: JVNDB-2024-012785

DESCRIPTION

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly invalidate sessions when the associated user is deleted or disabled or their permissions are modified. This could allow an authenticated attacker to continue performing malicious actions even after their user account has been disabled. Siemens' SINEC INS contains a session expiration vulnerability. Information may be obtained and information may be tampered with.

Trust: 1.62

sources: NVD: CVE-2024-46892 // JVNDB: JVNDB-2024-012785

AFFECTED PRODUCTS

vendor: siemens, model: sinec ins, scope: eq, version: 1.0

Trust: 1.0

vendor: siemens, model: sinec ins, scope: lt, version: 1.0

Trust: 1.0

vendor: シーメンス, model: sinec ins, scope: eq, version: 1.0

Trust: 0.8

vendor: シーメンス, model: sinec ins, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: sinec ins, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2024-012785 // NVD: CVE-2024-46892

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2024-46892
value: HIGH

Trust: 1.0

productcert@siemens.com: CVE-2024-46892
value: MEDIUM

Trust: 1.0

NVD: CVE-2024-46892
value: HIGH

Trust: 0.8

nvd@nist.gov: CVE-2024-46892
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 5.2
version: 3.1

Trust: 1.0

productcert@siemens.com: CVE-2024-46892
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2024-46892
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2024-012785 // NVD: CVE-2024-46892 // NVD: CVE-2024-46892

PROBLEMTYPE DATA

problemtype: CWE-613

Trust: 1.0

problemtype: Inappropriate session deadline (CWE-613) [others]

Trust: 0.8

sources: JVNDB: JVNDB-2024-012785 // NVD: CVE-2024-46892

EXTERNAL IDS

db: NVD, id: CVE-2024-46892

Trust: 2.6

db: SIEMENS, id: SSA-915275

Trust: 1.8

db: ICS CERT, id: ICSA-24-319-08

Trust: 0.8

db: JVN, id: JVNVU96191615

Trust: 0.8

db: JVNDB, id: JVNDB-2024-012785

Trust: 0.8

sources: JVNDB: JVNDB-2024-012785 // NVD: CVE-2024-46892

REFERENCES

url: https://cert-portal.siemens.com/productcert/html/ssa-915275.html

Trust: 1.8

url: https://jvn.jp/vu/jvnvu96191615/

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2024-46892

Trust: 0.8

url: https://www.cisa.gov/news-events/ics-advisories/icsa-24-319-08

Trust: 0.8

sources: JVNDB: JVNDB-2024-012785 // NVD: CVE-2024-46892

SOURCES

db: JVNDB, id: JVNDB-2024-012785
db: NVD, id: CVE-2024-46892

LAST UPDATE DATE

2024-11-16T19:59:23.265000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2024-012785, date: 2024-11-15T07:58:00
db: NVD, id: CVE-2024-46892, date: 2024-11-13T23:13:06.400

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2024-012785, date: 2024-11-15T00:00:00
db: NVD, id: CVE-2024-46892, date: 2024-11-12T13:15:09.940