SINEC INS Vulnerability: Hard-Coded Cryptographic Key Material Exposes Configuration Files

CVE-2024-46889
5.3 MEDIUM

Key Information

Vendor: Siemens
Status
Sinec Ins
Vendor
CVE Published: 12 November 2024

Summary

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application uses hard-coded cryptographic key material to obfuscate configuration files. This could allow an attacker to learn that cryptographic key material through reverse engineering of the application binary and decrypt arbitrary backup files.

Affected Version(s)

SINEC INS < V1.0 SP2 Update 3

CVSS V3.1

Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published.

  • Vulnerability Reserved.

Collectors

NVD Database, Mitre Database