Vulnerability in SINEC INS Software by Siemens
CVE-2023-48431

6.8MEDIUM

Key Information:

Vendor: Siemens
Status: SINEC INS
Vendor: CVE Published:; 12 December 2023

Summary

A vulnerability exists in SINEC INS software where it fails to properly validate responses from a UMC server. An attacker can exploit this flaw by setting up a malicious UMC server or manipulating the traffic from a legitimate server, potentially leading to system crashes and other disruptions. Immediate updates to version V1.0 SP2 Update 2 or later are recommended to mitigate this issue.

Affected Version(s)

SINEC INS All versions < V1.0 SP2 Update 2

References

https://cert-portal.siemens.com/productcert/pdf/ssa-07717...

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Dec 12, 2023
Vulnerability Reserved
Nov 16, 2023