CVE-2022-45092
In short
An authenticated attacker with access to a SINEC INS device's web management interface can read and write arbitrary files on the device, potentially leading to remote code execution. This is critical because it allows complete compromise of the affected system.
Technical detail
A path traversal vulnerability (CWE-22) in the SINEC INS web management interface (443/tcp) allows authenticated remote attackers to perform arbitrary file read/write operations on the device filesystem. Exploitation requires prior authentication but may enable arbitrary code execution on the affected component.
Summary generated and translated by AI from the official description.
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticated remote attacker with access to the Web Based Management (443/tcp) of the affected product, could potentially read and write arbitrary files from and to the device's file system. An attacker might leverage this to trigger remote code execution on the affected component.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
Affected products
Siemens · SINEC INS