Vulnerabilities > CVE-2024-46892 - Insufficient Session Expiration vulnerability in Siemens Sinec INS 1.0

CVSS 8.1 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

siemens

CWE-613

NVD

Published: 2024-11-12

Updated: 2024-11-13

Summary

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly invalidate sessions when the associated user is deleted or disabled or their permissions are modified. This could allow an authenticated attacker to continue performing malicious actions even after their user account has been disabled.

Vulnerable Configurations

Part	Description	Count
Application	Siemens Siemens Sinec INS 1.0 Siemens Sinec INS -	6

Common Weakness Enumeration (CWE)

CWE-613 - Insufficient Session Expiration

References

https://cert-portal.siemens.com/productcert/html/ssa-915275.html