Lucene search
China National Vulnerability DatabaseCNVD-2023-97256HistoryDec 13, 2023 - 12:00 a.m.
Siemens SINEC INS Certificate Validation Improperity Vulnerability
2023-12-1300:00:00
China National Vulnerability Database
www.cnvd.org.cn
13
siemens
sinec ins
certificate validation
vulnerability
data interception
umc server
privilege escalation
industrial networks
SINEC INS (Infrastructure Network Services) is a web-based application that combines various network services in one tool. This simplifies the installation and management of all network services associated with industrial networks. Siemens SINEC INS suffers from a Certificate Validation Improperity vulnerability, which is due to the affected product failing to properly validate the certificate of the configured UMC server. An attacker could exploit the vulnerability to be able to intercept credentials sent to the UMC server and manipulate the response to escalate privileges.
Related
prion
prion
Design/Logic Flaw
2023-12-12 12:15:00
Information disclosure
2023-12-12 12:15:00
nvd
nvd
CVE-2023-48427
2023-12-12 12:15:14
CVE-2023-48431
2023-12-12 12:15:15
cve
cve
CVE-2023-48427
2023-12-12 12:15:14
CVE-2023-48431
2023-12-12 12:15:15
cvelist
cvelist
CVE-2023-48427
2023-12-12 11:27:18
CVE-2023-48431
2023-12-12 11:27:23
cnvd
cnvd
Siemens SINEC INS Denial of Service Vulnerability (CNVD-2023-97252)
2023-12-13 00:00:00
nessus
nessus
TeamCity Server < 2022.10.3 Multiple Vulnerabilities
2023-09-29 00:00:00
ics
ics
Siemens SINEC INS
2023-12-14 12:00:00