CVE-2026-46749
HIGHSiemens Sinec Ins < V1.0 SP2 Update 6 - Use of a One-Way Hash with a Predictable Salt
Title source: ruleDescription
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected application uses a password hashing implementation with a static, hardcoded salt shared across all users and installations, and is configured with an insufficient number of iterations. This could allow an attacker to efficiently recover user passwords using brute-force or precomputed attacks, potentially resulting in unauthorized access.
References (1)
Core 1
Core References
Scores
CVSS v3
7.5
EPSS
0.0012
EPSS Percentile
2.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-760
Status
published
Products (3)
Siemens/SINEC INS
< V1.0 SP2 Update 6
siemens/sinec_ins
1.0 sp1 (7 CPE variants)
siemens/sinec_ins
< 1.0
Published
Jun 09, 2026
Tracked Since
Jun 09, 2026