SINEC INS <V1.0 SP2 Update 6 Weak PasswordHashing
CVE-2026-46749 Published on June 9, 2026
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected application uses a password hashing implementation with a static, hardcoded salt shared across all users and installations, and is configured with an insufficient number of iterations. This could allow an attacker to efficiently recover user passwords using brute-force or precomputed attacks, potentially resulting in unauthorized access.
Weakness Type
Use of a One-Way Hash with a Predictable Salt
The software uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software uses a predictable salt as part of the input.
Products Associated with CVE-2026-46749
Want to know whenever a new CVE is published for Siemens Sinec Ins? stack.watch will email you.
Affected Versions
Siemens SINEC INS:- Before V1.0 SP2 Update 6 is affected.