Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
siemens sinec ins - vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2022-45093
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticated remote attacker with access to the Web Based Management (443/tcp) of the affected product as well as with access to the SFTP server of the affected product (22/tcp), could pot...
Siemens Sinec Ins 1.0
Siemens Sinec Ins
8.8
CVSSv3
CVE-2022-45094
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticated remote attacker with access to the Web Based Management (443/tcp) of the affected product, could potentially inject commands into the dhcpd configuration of the affected produ...
Siemens Sinec Ins 1.0
Siemens Sinec Ins
8.8
CVSSv3
CVE-2022-45092
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticated remote attacker with access to the Web Based Management (443/tcp) of the affected product, could potentially read and write arbitrary files from and to the device's file ...
Siemens Sinec Ins 1.0
Siemens Sinec Ins
9.8
CVSSv3
CVE-2023-48427
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). Affected products do not properly validate the certificate of the configured UMC server. This could allow an malicious user to intercept credentials that are sent to the UMC server as well as ...
Siemens Sinec Ins 1.0
Siemens Sinec Ins
7.2
CVSSv3
CVE-2023-48428
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The radius configuration mechanism of affected products does not correctly check uploaded certificates. A malicious admin could upload a crafted certificate resulting in a denial-of-service co...
Siemens Sinec Ins 1.0
Siemens Sinec Ins
2.7
CVSSv3
CVE-2023-48429
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The Web UI of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sending a crafted request to the server. The ...
Siemens Sinec Ins 1.0
Siemens Sinec Ins
2.7
CVSSv3
CVE-2023-48430
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The REST API of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sending a crafted request to the API. The s...
Siemens Sinec Ins 1.0
Siemens Sinec Ins
8.6
CVSSv3
CVE-2023-48431
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). Affected software does not correctly validate the response received by an UMC server. An attacker can use this to crash the affected software by providing and configuring a malicious UMC serve...
Siemens Sinec Ins 1.0
Siemens Sinec Ins
5.3
CVSSv3
CVE-2022-32222
A cryptographic vulnerability exists on Node.js on linux in versions of 18.x before 18.40.0 which allowed a default path for openssl.cnf that might be accessible under some circumstances to a non-admin user instead of /etc/ssl as was the case in versions prior to the upgrade to O...
Nodejs Node.js
Siemens Sinec Ins 1.0
Siemens Sinec Ins
1 Github repository
5.9
CVSSv3
CVE-2020-28168
Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host or IP address.
Axios Axios
Siemens Sinec Ins 1.0
Siemens Sinec Ins
2 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »