SINEC INS (<V1.0 SP2 Update 2) REST API Length Check Bypass DoS
CVE-2023-48430 Published on December 12, 2023
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The REST API of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sending a crafted request to the API. The server will automatically restart.
Weakness Type
Missing Report of Error Condition
The software encounters an error but does not provide a status code or return value to indicate that an error has occurred.
Products Associated with CVE-2023-48430
Affected Versions
Siemens SINEC INS: all versions < V1.0 SP2 Update 2 are affected by CVE-2023-48430.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.