CVE-2024-46892

MEDIUM

Siemens Sinec Ins < 1.0 - Insufficient Session Expiration

Title source: rule
STIX 2.1

Description

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly invalidate sessions when the associated user is deleted or disabled or their permissions are modified. This could allow an authenticated attacker to continue performing malicious actions even after their user account has been disabled.

References (1)

Scores

CVSS v3 4.9
EPSS 0.0014
EPSS Percentile 34.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-613
Status published
Products (2)
siemens/sinec_ins 1.0 (5 CPE variants)
siemens/sinec_ins < 1.0
Published Nov 12, 2024
Tracked Since Feb 18, 2026