ГлавнаяУязвимости → CVE-2024-46888
9.9критическая

CVE-2024-46888

→ есть в БДУ: BDU:2024-10307 (на русском)
Описание (на английском; русское — в БДУ выше)

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly sanitize user provided paths for SFTP-based file up- and downloads. This could allow an authenticated remote attacker to manipulate arbitrary files on the filesystem and achieve arbitrary code execution on the device.

Затрагиваемое ПО
Siemens Sinec ins
CVSS
Балл9.9 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Источники
https://cert-portal.siemens.com/productcert/html/ssa-915275.html