Password Hashing Vulnerability in SINEC INS by Siemens
CVE-2026-46749
5MEDIUM
What is CVE-2026-46749?
A vulnerability affecting SINEC INS allows for potential unauthorized access due to a flawed password hashing implementation. Specifically, the application utilizes a hardcoded salt shared across all installations and users, combined with an inadequate number of iterations in the hashing process. This design flaw exposes user passwords to brute-force and precomputed attacks, compromising security and user confidentiality. It is recommended that users of SINEC INS apply the latest updates to mitigate these risks.
Affected Version(s)
SINEC INS 0