Invalid File Path Validation in SINEC Security Monitor Could Lead to File Compromise

CVE-2024-47563

5.3MEDIUM

Key Information

Vendor
Siemens
Status
Siemens Sinec Security Monitor
Vendor
CVE Published:
8 October 2024

Summary

A vulnerability has been identified in Siemens SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly validate a file path that is supplied to an endpoint intended to create CSR files. This could allow an unauthenticated remote attacker to create files in writable directories outside the intended location and thus compromise integrity of files in those writable directories.

Affected Version(s)

Siemens SINEC Security Monitor < 0

Refferences

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.