CVE-2024-46891
EUVD-2024-4213812.11.2024, 13:15
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly restrict the size of generated log files. This could allow an unauthenticated remote attacker to trigger a large amount of logged events to exhaust the system's resources and create a denial of service condition.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| siemens | sinec_ins | 𝑥 ≤ 1.0 |
| siemens | sinec_ins | 1.0:sp1 |
| siemens | sinec_ins | 1.0:sp2 |
| siemens | sinec_ins | 1.0:sp2_update_1 |
| siemens | sinec_ins | 1.0:sp2_update_2 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| seimens | sinec_ins | 𝑥 < V1.0_SP2_Update 3 | ADP |
Common Weakness Enumeration
- CWE-400 - Uncontrolled Resource ConsumptionThe software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
- CWE-125 - Out-of-bounds ReadThe software reads data past the end, or before the beginning, of the intended buffer.