A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application uses hard-coded cryptographic key material to obfuscate configuration files. This could allow an attacker to learn that cryptographic key material through reverse engineering of the application binary and decrypt arbitrary backup files.
References
Link | Resource |
---|---|
https://cert-portal.siemens.com/productcert/html/ssa-915275.html | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
13 Nov 2024, 23:11
Type | Values Removed | Values Added |
---|---|---|
First Time |
Siemens sinec Ins
Siemens |
|
Summary |
|
|
CPE | cpe:2.3:a:siemens:sinec_ins:1.0:sp2_update_1:*:*:*:*:*:* cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:* cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:* cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:* cpe:2.3:a:siemens:sinec_ins:1.0:sp2:*:*:*:*:*:* cpe:2.3:a:siemens:sinec_ins:1.0:sp2_update_2:*:*:*:*:*:* |
|
References | () https://cert-portal.siemens.com/productcert/html/ssa-915275.html - Vendor Advisory |
12 Nov 2024, 13:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-11-12 13:15
Updated : 2024-11-13 23:11
NVD link : CVE-2024-46889
Mitre link : CVE-2024-46889
CVE.ORG link : CVE-2024-46889
JSON object : View
Products Affected
siemens
- sinec_ins
CWE
CWE-321
Use of Hard-coded Cryptographic Key