ID

VAR-202411-0480


CVE

CVE-2024-46894


TITLE

Siemens' SINEC INS Vulnerability regarding information leakage in

Trust: 0.8

sources: JVNDB: JVNDB-2024-027265

DESCRIPTION

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly validate authorization of a user to query the "/api/sftp/users" endpoint. This could allow an authenticated remote attacker to gain knowledge about the list of configured users of the SFTP service and also modify that configuration. Siemens' SINEC INS contains an information disclosure vulnerability and an inappropriate default permission vulnerability. Information may be obtained and information may be tampered with.

Trust: 1.62

sources: NVD: CVE-2024-46894 // JVNDB: JVNDB-2024-027265

AFFECTED PRODUCTS

vendor: siemens, model: sinec ins, scope: lte, version: 1.0

Trust: 1.0

vendor: siemens, model: sinec ins, scope: eq, version: 1.0

Trust: 1.0

vendor: シーメンス, model: sinec ins, scope: eq, version: 1.0

Trust: 0.8

vendor: シーメンス, model: sinec ins, scope: lte, version: 1.0 and earlier

Trust: 0.8

vendor: シーメンス, model: sinec ins, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: sinec ins, scope: eq, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2024-027265 // NVD: CVE-2024-46894

CVSS

SEVERITY

CVSSV2

CVSSV3

productcert@siemens.com: CVE-2024-46894
value: MEDIUM

Trust: 1.0

nvd@nist.gov: CVE-2024-46894
value: MEDIUM

Trust: 1.0

NVD: CVE-2024-46894
value: MEDIUM

Trust: 0.8

productcert@siemens.com: CVE-2024-46894
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 3.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2024-46894
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.5
version: 3.1

Trust: 1.0

NVD: CVE-2024-46894
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2024-027265 // NVD: CVE-2024-46894 // NVD: CVE-2024-46894

PROBLEMTYPE DATA

problemtype:CWE-276

Trust: 1.0

problemtype:CWE-200

Trust: 1.0

problemtype:information leak (CWE-200) [ others ]

Trust: 0.8

problemtype: Inappropriate default permissions (CWE-276) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-027265 // NVD: CVE-2024-46894

EXTERNAL IDS

db: NVD, id: CVE-2024-46894

Trust: 2.6

db: SIEMENS, id: SSA-915275

Trust: 1.8

db: JVN, id: JVNVU96191615

Trust: 0.8

db: ICS CERT, id: ICSA-24-319-08

Trust: 0.8

db: JVNDB, id: JVNDB-2024-027265

Trust: 0.8

sources: JVNDB: JVNDB-2024-027265 // NVD: CVE-2024-46894

REFERENCES

url:https://cert-portal.siemens.com/productcert/html/ssa-915275.html

Trust: 1.8

url:https://jvn.jp/vu/jvnvu96191615/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-46894

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-24-319-08

Trust: 0.8

sources: JVNDB: JVNDB-2024-027265 // NVD: CVE-2024-46894

SOURCES

db: JVNDB, id: JVNDB-2024-027265
db: NVD, id: CVE-2024-46894

LAST UPDATE DATE

2025-08-23T20:22:55.040000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2024-027265, date: 2025-08-21T07:30:00
db: NVD, id: CVE-2024-46894, date: 2025-08-20T19:09:37.417

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2024-027265, date: 2025-08-21T00:00:00
db: NVD, id: CVE-2024-46894, date: 2024-11-12T13:15:10.193