SINEC INS < V1.0 SP2 Update 3 Hard-coded Key CVE-2024-46889
CVE-2024-46889 Published on November 12, 2024
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application uses hard-coded cryptographic key material to obfuscate configuration files. This could allow an attacker to learn that cryptographic key material through reverse engineering of the application binary and decrypt arbitrary backup files.
Weakness Type
Use of Hard-coded Cryptographic Key
The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered.
Products Associated with CVE-2024-46889
Want to know whenever a new CVE is published for Siemens Sinec Ins? stack.watch will email you.
Affected Versions
Siemens SINEC INS:- Before V1.0 SP2 Update 3 is affected.
- Before V1.0 SP2 Update 3 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.