CVE-2024-47563
MEDIUM
Siemens SINEC Security Monitor < V4.9.0 - Path Traversal
Title source: llm
Description
A vulnerability has been identified in SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly validate a file path that is supplied to an endpoint intended to create CSR files. This could allow an unauthenticated remote attacker to create files in writable directories outside the intended location and thus compromise integrity of files in those writable directories.
References (1)
Core References
Third Party Advisory
https://cert-portal.siemens.com/productcert/html/ssa-430425.html
Scores
CVSS v3: 5.3
EPSS: 0.0022
EPSS Percentile: 44.6%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: partial
Details
CWE: CWE-22
Status: published
Products (1)
siemens/sinec_security_monitor: < 4.9.0
Published: Oct 08, 2024
Tracked Since: Feb 18, 2026