Описание
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The REST API of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sending a crafted request to the API. The server will automatically restart.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.0 (исключая)
Одно из
cpe:2.3:a:siemens:sinec_ins:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sinec_ins:1.0:-:*:*:*:*:*:*
cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:*
cpe:2.3:a:siemens:sinec_ins:1.0:sp2:*:*:*:*:*:*
cpe:2.3:a:siemens:sinec_ins:1.0:sp2_update_1:*:*:*:*:*:*
EPSS
Процентиль: 29%
0.00102
Низкий
2.7 Low
CVSS3
Дефекты
CWE-392
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 2.7
github
около 2 лет назад
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The REST API of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sending a crafted request to the API. The server will automatically restart.
EPSS
Процентиль: 29%
0.00102
Низкий
2.7 Low
CVSS3
Дефекты
CWE-392
NVD-CWE-noinfo