ID

VAR-202411-0477


CVE

CVE-2024-46890


TITLE

OS command injection vulnerability in Siemens SINEC INS

Trust: 0.8

sources: JVNDB: JVNDB-2024-012756

DESCRIPTION

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly validate input sent to specific endpoints of its web API. This could allow an authenticated remote attacker with high privileges on the application to execute arbitrary code on the underlying OS. Siemens SINEC INS contains an OS command injection vulnerability. Information may be obtained, information may be tampered with, and the service may be put into a denial-of-service (DoS) state.

Trust: 1.62

sources: NVD: CVE-2024-46890 // JVNDB: JVNDB-2024-012756

AFFECTED PRODUCTS

vendor: siemens | model: sinec ins | scope: eq | version: 1.0

Trust: 1.0

vendor: siemens | model: sinec ins | scope: lt | version: 1.0

Trust: 1.0

vendor: シーメンス | model: sinec ins | scope: eq | version: 1.0

Trust: 0.8

vendor: シーメンス | model: sinec ins | scope: - | version: -

Trust: 0.8

vendor: シーメンス | model: sinec ins | scope: eq | version: -

Trust: 0.8

sources: JVNDB: JVNDB-2024-012756 // NVD: CVE-2024-46890

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com: CVE-2024-46890
value: CRITICAL

Trust: 1.0

OTHER: JVNDB-2024-012756
value: CRITICAL

Trust: 0.8

productcert@siemens.com: CVE-2024-46890
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.3
impactScore: 6.0
version: 3.1

Trust: 1.0

OTHER: JVNDB-2024-012756
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2024-012756 // NVD: CVE-2024-46890

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.0

problemtype:OS Command injection (CWE-78) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-012756 // NVD: CVE-2024-46890

EXTERNAL IDS

db: NVD | id: CVE-2024-46890

Trust: 2.6

db: SIEMENS | id: SSA-915275

Trust: 1.8

db: ICS CERT | id: ICSA-24-319-08

Trust: 0.8

db: JVN | id: JVNVU96191615

Trust: 0.8

db: JVNDB | id: JVNDB-2024-012756

Trust: 0.8

sources: JVNDB: JVNDB-2024-012756 // NVD: CVE-2024-46890

REFERENCES

url:https://cert-portal.siemens.com/productcert/html/ssa-915275.html

Trust: 1.8

url:https://jvn.jp/vu/jvnvu96191615/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-46890

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-24-319-08

Trust: 0.8

sources: JVNDB: JVNDB-2024-012756 // NVD: CVE-2024-46890

SOURCES

db: JVNDB | id: JVNDB-2024-012756
db: NVD | id: CVE-2024-46890

LAST UPDATE DATE

2024-11-16T21:48:39.542000+00:00


SOURCES UPDATE DATE

db: JVNDB | id: JVNDB-2024-012756 | date: 2024-11-15T06:46:00
db: NVD | id: CVE-2024-46890 | date: 2024-11-13T23:12:39.993

SOURCES RELEASE DATE

db: JVNDB | id: JVNDB-2024-012756 | date: 2024-11-15T00:00:00
db: NVD | id: CVE-2024-46890 | date: 2024-11-12T13:15:09.463