Siemens

Sinec Ins

42 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.62%
  • Veröffentlicht 12.12.2023 12:15:15
  • Zuletzt bearbeitet 21.11.2024 08:31:42

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). Affected software does not correctly validate the response received by an UMC server. An attacker can use this to crash the affected software by providing and config...

  • EPSS 0.59%
  • Veröffentlicht 12.12.2023 12:15:15
  • Zuletzt bearbeitet 21.11.2024 08:31:42

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The REST API of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sending a crafte...

  • EPSS 0.59%
  • Veröffentlicht 12.12.2023 12:15:15
  • Zuletzt bearbeitet 21.11.2024 08:31:42

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The Web UI of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sending a crafted ...

  • EPSS 0.5%
  • Veröffentlicht 12.12.2023 12:15:14
  • Zuletzt bearbeitet 21.11.2024 08:31:42

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The radius configuration mechanism of affected products does not correctly check uploaded certificates. A malicious admin could upload a crafted certificate resultin...

  • EPSS 0.38%
  • Veröffentlicht 12.12.2023 12:15:14
  • Zuletzt bearbeitet 21.11.2024 08:31:42

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). Affected products do not properly validate the certificate of the configured UMC server. This could allow an attacker to intercept credentials that are sent to the U...

Warnung Medienbericht Exploit
  • EPSS 100%
  • Veröffentlicht 10.10.2023 14:15:10
  • Zuletzt bearbeitet 12.05.2026 15:10:32

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

  • EPSS 1.38%
  • Veröffentlicht 10.01.2023 12:15:23
  • Zuletzt bearbeitet 21.11.2024 07:28:46

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticated remote attacker with access to the Web Based Management (443/tcp) of the affected product, could potentially inject commands into the dhcpd configur...

  • EPSS 1.17%
  • Veröffentlicht 10.01.2023 12:15:23
  • Zuletzt bearbeitet 21.11.2024 07:28:46

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticated remote attacker with access to the Web Based Management (443/tcp) of the affected product as well as with access to the SFTP server of the affected ...

  • EPSS 31.44%
  • Veröffentlicht 10.01.2023 12:15:23
  • Zuletzt bearbeitet 21.11.2024 07:28:45

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticated remote attacker with access to the Web Based Management (443/tcp) of the affected product, could potentially read and write arbitrary files from and...

Exploit
  • EPSS 1.87%
  • Veröffentlicht 05.12.2022 22:15:10
  • Zuletzt bearbeitet 24.04.2025 14:15:32

A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. There are two problems with this: 1) It does not check the return value, i...