CVE-2023-48430

Low

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The REST API of affected devices does not check the…

siemens·CWE-392·Published 2023-12-12

CVSS

2.7

EPSS

0.01

KEV

Exploits

cve.orgen

310 chars

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The REST API of affected devices does not check the length of parameters in certain conditions. This allows a malicious admin to crash the server by sending a crafted request to the API. The server will automatically restart.

NVDen

310 chars

NVDes

367 chars

Se ha identificado una vulnerabilidad en SINEC INS (Todas las versiones < V1.0 SP2 Update 2). La API REST de los dispositivos afectados no comprueba la longitud de los parámetros en determinadas condiciones. Esto permite que un administrador malintencionado bloquee el servidor enviando una solicitud manipulada a la API. El servidor se reiniciará automáticamente.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	2.7	—	—	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
3.1	Primary	NVD	2.7	1.2	1.4