CVE-2026-46749

HIGH

Siemens Sinec Ins < V1.0 SP2 Update 6 - Use of a One-Way Hash with a Predictable Salt

Title source: rule
STIX 2.1

Description

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected application uses a password hashing implementation with a static, hardcoded salt shared across all users and installations, and is configured with an insufficient number of iterations. This could allow an attacker to efficiently recover user passwords using brute-force or precomputed attacks, potentially resulting in unauthorized access.

Scores

CVSS v3 7.5
EPSS 0.0012
EPSS Percentile 2.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-760
Status published
Products (3)
Siemens/SINEC INS < V1.0 SP2 Update 6
siemens/sinec_ins 1.0 sp1 (7 CPE variants)
siemens/sinec_ins < 1.0
Published Jun 09, 2026
Tracked Since Jun 09, 2026