CVE-2024-46888
Published: 12 November 2024
Summary
CVE-2024-46888 is a critical-severity Path Traversal (CWE-22) vulnerability in Siemens Sinec Ins. Its CVSS base score is 9.4 (Critical).
Operationally, ranked in the top 7.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
The vulnerability CVE-2024-46888 affects Siemens SINEC INS in all versions prior to V1.0 SP2 Update 3. It stems from improper sanitization of user-supplied paths during SFTP-based file uploads and downloads, corresponding to CWE-22. This path traversal flaw carries a CVSS 4.0 score of 9.4 and permits manipulation of arbitrary filesystem paths.
An authenticated remote attacker can exploit the issue over the network by supplying crafted paths through SFTP operations. Successful exploitation allows the attacker to read, write, or modify arbitrary files on the underlying system, ultimately achieving arbitrary code execution on the affected device.
The official Siemens advisory at https://cert-portal.siemens.com/productcert/html/ssa-915275.html addresses the flaw and identifies the V1.0 SP2 Update 3 release as the corrective version that resolves the path sanitization weakness.
EPSS for the CVE stands at 0.0950 after reaching a recorded peak of 0.1505.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-42135
Vulnerability details
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly sanitize user provided paths for SFTP-based file up- and downloads. This could allow an authenticated remote attacker to manipulate…
more
arbitrary files on the filesystem and achieve arbitrary code execution on the device.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Validates pathnames and filenames to prevent traversal outside intended directories.