Vulnerabilities for Sinec ins (...) - CXSECURITY.COM

Vulnerabilities for 'Sinec ins'

2023-12-12

CVE-2023-48427

CWE-295

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). Affected products do not properly validate the certificate of the configured UMC server. This could allow an attacker to intercept credentials that are sent to the UMC server as well as to manipulate responses, potentially allowing an attacker to escalate privileges.

CVE-2023-48428

CWE-78

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The radius configuration mechanism of affected products does not correctly check uploaded certificates. A malicious admin could upload a crafted certificate resulting in a denial-of-service condition or potentially issue commands on system level.

CVE-2023-48429

CWE-754

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The Web UI of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sending a crafted request to the server. The server will automatically restart.

CVE-2023-48430

CWE-noinfo

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The REST API of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sending a crafted request to the API. The server will automatically restart.

CVE-2023-48431

CWE-754

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). Affected software does not correctly validate the response received by an UMC server. An attacker can use this to crash the affected software by providing and configuring a malicious UMC server or by manipulating the traffic from a legitimate UMC server (i.e. leveraging CVE-2023-48427).

>>> Vendor: Siemens 653 Products

Speedstream wireless router

Gigaset se361 wlan router

Speedstream 6520

Speedstream 5200

Gigaset wlan camera

Gigaset c450 ip

Gigaset c475 ip

Gigaset se461 wimax router

Simatic wincc flexible runtime

Simatic wincc runtime

Tecnomatix factorylink

Simatic hmi panels

Wincc flexible runtime

Wincc runtime advanced

Automation license manager

Scalance s firmware

Scalance x-300 firmware

Scalance x-300eec firmware

Scalance x308-2m firmware

Scalance x414-3e firmware

Scalance xr-300 firmware

Scalance x-300eec

Scalance x308-2m

Scalance x414-3e

Scalance xr-300

Simatic s7-400 cpu 412-2 pn

Simatic s7-400 cpu 414-3 pn/dp

Simatic s7-400 cpu 414f-3 pn/dp

Simatic s7-400 cpu 416-3 pn/dp

Simatic s7-400 cpu 416f-3 pn/dp

Simatic s7-400 cpu firmware

Synco ozw web server

Synco ozw web server firmware

Simatic s7-1200 plc

Sipass integrated

Simatic rf-manager

Simatic rf-manager 2008

Wincc tia portal

Scalance x204irt

Scalance x202-2irt

Scalance x202-2p irt

Scalance x201-3p irt

Scalance x200-4p irt

Scalance xf204irt

Scalance x200irt firmware

Openscape session border controller

Enterprise openscape branch

Scalance w744-1

Scalance w744-1pro

Scalance w746-1

Scalance w746-1pro

Scalance w747-1

Scalance w747-1rr

Scalance w784-1

Scalance w784-1rr

Scalance w786-1pro

Scalance w786-2pro

Scalance w786-2rr

Scalance w786-3pro

Scalance w788-1pro

Scalance w788-1rr

Scalance w788-2pro

Scalance w788-2rr

Scalance w700 series firmware

Scalance x-200rna

Scalance xf-200

Scalance x-200 series firmware

See all Products for Vendor Siemens

Copyright 2024, cxsecurity.com