A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The REST API of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sending a crafted request to the API. The server will automatically restart.
References
Link | Resource |
---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-077170.pdf | Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: siemens
Published: 2023-12-12T11:27:22.091Z
Updated: 2023-12-12T11:27:22.091Z
Reserved: 2023-11-16T16:30:40.849Z
Link: CVE-2023-48430
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-12-12T12:15:15.433
Modified: 2023-12-14T19:37:28.207
Link: CVE-2023-48430
JSON object: View
Redhat Information
No data.