CVE-2024-47563
Published: 08 October 2024
Summary
CVE-2024-47563 is a medium-severity Path Traversal (CWE-22) vulnerability in Siemens SINEC Security Monitor. Its CVSS base score is 6.9 (Medium).
Operationally, it ranks at the 44.9th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-42528
Vulnerability details
A vulnerability has been identified in SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly validate a file path that is supplied to an endpoint intended to create CSR files. This could allow an unauthenticated remote attacker to create files in writable directories outside the intended location and thus compromise integrity of files in those writable directories.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Validates pathnames and filenames to prevent traversal outside intended directories.