Password Hashing Vulnerability in SINEC INS by Siemens
CVE-2026-46749

5MEDIUM

Key Information:

Vendor

Siemens

Status
Vendor
CVE Published:
9 June 2026

What is CVE-2026-46749?

A vulnerability affecting SINEC INS allows for potential unauthorized access due to a flawed password hashing implementation. Specifically, the application utilizes a hardcoded salt shared across all installations and users, combined with an inadequate number of iterations in the hashing process. This design flaw exposes user passwords to brute-force and precomputed attacks, compromising security and user confidentiality. It is recommended that users of SINEC INS apply the latest updates to mitigate these risks.

Affected Version(s)

SINEC INS 0

References

CVSS V4

Score:
5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
High
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.