A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticated remote attacker with access to the Web Based Management (443/tcp) of the affected product, could potentially read and write arbitrary files from and to the device's file system. An attacker might leverage this to trigger remote code execution on the affected component.
References
Link | Resource |
---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
14 Jan 2023, 00:47
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:* cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:* cpe:2.3:a:siemens:sinec_ins:1.0:sp2:*:*:*:*:*:* cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:* |
|
References | (MISC) https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf - Vendor Advisory | |
First Time |
Siemens sinec Ins
Siemens |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
10 Jan 2023, 12:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-01-10 12:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-45092
Mitre link : CVE-2022-45092
CVE.ORG link : CVE-2022-45092
JSON object : View
Products Affected
siemens
- sinec_ins
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')