Siemens

Sinec Ins

42 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.12%
  • Veröffentlicht 09.06.2026 08:47:05
  • Zuletzt bearbeitet 12.06.2026 15:15:09

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected application uses a password hashing implementation with a static, hardcoded salt shared across all users and installations, and is configured with an in...

  • EPSS 0.21%
  • Veröffentlicht 09.06.2026 08:46:55
  • Zuletzt bearbeitet 12.06.2026 15:33:16

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected system includes a binary that is configured with the cap_dac_override capability. This capability allows the process to bypass file system permission ch...

  • EPSS 0.24%
  • Veröffentlicht 09.06.2026 08:46:54
  • Zuletzt bearbeitet 12.06.2026 15:28:46

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected application does not properly sanitize path input in the `GET /api/sftp/uploadFiles` endpoint used for directory listing. This allows path traversal thr...

  • EPSS 0.45%
  • Veröffentlicht 09.06.2026 08:46:53
  • Zuletzt bearbeitet 12.06.2026 18:08:28

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The application does not properly sanitize user input in the /api/sftp/uploadFiles endpoint, allowing the injection of shell command payloads via crafted directory n...

  • EPSS 0.26%
  • Veröffentlicht 12.11.2024 13:15:10
  • Zuletzt bearbeitet 20.08.2025 19:09:37

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly validate authorization of a user to query the "/api/sftp/users" endpoint. This could allow an authenticated remote attacke...

  • EPSS 0.29%
  • Veröffentlicht 12.11.2024 13:15:09
  • Zuletzt bearbeitet 13.11.2024 23:13:06

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly invalidate sessions when the associated user is deleted or disabled or their permissions are modified. This could allow an...

  • EPSS 0.5%
  • Veröffentlicht 12.11.2024 13:15:09
  • Zuletzt bearbeitet 20.08.2025 19:11:08

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly restrict the size of generated log files. This could allow an unauthenticated remote attacker to trigger a large amount of...

  • EPSS 0.72%
  • Veröffentlicht 12.11.2024 13:15:09
  • Zuletzt bearbeitet 13.11.2024 23:12:39

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly validate input sent to specific endpoints of its web API. This could allow an authenticated remote attacker with high priv...

  • EPSS 0.29%
  • Veröffentlicht 12.11.2024 13:15:09
  • Zuletzt bearbeitet 13.11.2024 23:11:58

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application uses hard-coded cryptographic key material to obfuscate configuration files. This could allow an attacker to learn that cryptographic key ma...

  • EPSS 0.88%
  • Veröffentlicht 12.11.2024 13:15:08
  • Zuletzt bearbeitet 13.11.2024 23:11:24

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly sanitize user provided paths for SFTP-based file up- and downloads. This could allow an authenticated remote attacker to m...