Details of VAR-202411-0478

ID

VAR-202411-0478

CVE

CVE-2024-46889

TITLE

Siemens' SINEC INS Vulnerability related to the use of hard-coded encryption keys in

Trust: 0.8

sources: JVNDB: JVNDB-2024-012786

DESCRIPTION

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application uses hard-coded cryptographic key material to obfuscate configuration files. This could allow an attacker to learn that cryptographic key material through reverse engineering of the application binary and decrypt arbitrary backup files. Siemens' SINEC INS contains a vulnerability related to the use of hardcoded encryption keys.Information may be obtained

Trust: 1.62

sources: NVD: CVE-2024-46889 // JVNDB: JVNDB-2024-012786

AFFECTED PRODUCTS

vendor:	siemens	model:	sinec ins	scope:	eq	version:	1.0	Trust: 1.0
vendor:	siemens	model:	sinec ins	scope:	lt	version:	1.0	Trust: 1.0
vendor:	シーメンス	model:	sinec ins	scope:	eq	version:	1.0	Trust: 0.8
vendor:	シーメンス	model:	sinec ins	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	sinec ins	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2024-012786 // NVD: CVE-2024-46889

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com:	CVE-2024-46889
value:	MEDIUM
Trust: 1.0
OTHER:	JVNDB-2024-012786
value:	MEDIUM
Trust: 0.8

productcert@siemens.com:	CVE-2024-46889
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2024-012786
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2024-012786 // NVD: CVE-2024-46889

PROBLEMTYPE DATA

problemtype:	CWE-321	Trust: 1.0
problemtype:	Using hardcoded encryption keys (CWE-321) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-012786 // NVD: CVE-2024-46889

EXTERNAL IDS

db:	NVD	id:	CVE-2024-46889	Trust: 2.6
db:	SIEMENS	id:	SSA-915275	Trust: 1.8
db:	ICS CERT	id:	ICSA-24-319-08	Trust: 0.8
db:	JVN	id:	JVNVU96191615	Trust: 0.8
db:	JVNDB	id:	JVNDB-2024-012786	Trust: 0.8

sources: JVNDB: JVNDB-2024-012786 // NVD: CVE-2024-46889

REFERENCES

url:	https://cert-portal.siemens.com/productcert/html/ssa-915275.html	Trust: 1.8
url:	https://jvn.jp/vu/jvnvu96191615/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2024-46889	Trust: 0.8
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-24-319-08	Trust: 0.8

sources: JVNDB: JVNDB-2024-012786 // NVD: CVE-2024-46889

SOURCES

db:	JVNDB	id:	JVNDB-2024-012786
db:	NVD	id:	CVE-2024-46889

LAST UPDATE DATE

2024-11-16T22:16:53.347000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2024-012786	date:	2024-11-15T07:58:00
db:	NVD	id:	CVE-2024-46889	date:	2024-11-13T23:11:58.763

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2024-012786	date:	2024-11-15T00:00:00
db:	NVD	id:	CVE-2024-46889	date:	2024-11-12T13:15:09.200