PT-2024-8131 · Siemens · Siemens Sinec Security Monitor

Published: 2024-10-08 · Updated: 2024-10-11 · CVE-2024-47563
CVSS v3.1: 5.3 Medium
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Siemens SINEC Security Monitor, all versions prior to V4.9.0
Description: The application does not properly validate a file path supplied to an endpoint intended to create CSR (certificate signing request) files. An unauthenticated remote attacker can therefore cause files to be created in writable directories outside the intended location, compromising the integrity of files in those directories. The root cause is an improper limitation of the pathname to the restricted directory (path traversal): the supplied path is used without confining it to the CSR directory, so a remote attacker can create files in arbitrary writable directories. The CVSS vector reflects this: no privileges or user interaction are required, only integrity is affected, and the impact is limited to what can be written to those directories.
Recommendations: Update to V4.9.0 or later, which resolves the issue. Until the update is applied, restrict network access to the CSR-creation endpoint (and, more generally, to the management interface) so that only trusted hosts can reach it, and monitor the writable directories on the host for unexpected file creation.
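The defect class described above, shown as an added example that is not Siemens' code and not taken from the advisory: a vulnerable "join the caller's path onto the output directory" pattern next to a hardened version that accepts only a bare `.csr` file name and verifies that the resolved target still lies inside the intended directory. The output directory `/var/app/csr`, the function names and the sample inputs are all assumptions made for illustration.

```python
import os

# Hypothetical CSR output directory. Stands in for whatever directory the real
# endpoint is meant to write into (assumption, not from the advisory).
CSR_DIR = "/var/app/csr"


def unsafe_csr_path(base_dir: str, requested: str) -> str:
    """Vulnerable pattern: the caller-supplied path is joined without validation.

    A value such as '../../../etc/cron.d/job' walks out of base_dir, and an
    absolute path replaces base_dir entirely because os.path.join discards the
    earlier components when a later one is absolute.
    """
    return os.path.normpath(os.path.join(base_dir, requested))


def escapes_base(base_dir: str, requested: str) -> bool:
    """True when the unsafe join lands outside base_dir (the traversal case)."""
    base = os.path.normpath(base_dir)
    target = unsafe_csr_path(base_dir, requested)
    return os.path.commonpath([base, target]) != base


def safe_csr_path(base_dir: str, requested: str) -> str:
    """Hardened pattern: allow-list the name, then confine the resolved path.

    1. The request must be a bare file name: no directory separators, no '.',
       no '..', no empty string. basename() strips any directory part, so a
       mismatch with the original value means such a part was present.
    2. The name must carry the expected extension, so the endpoint cannot be
       used to drop arbitrary file types even inside the CSR directory.
    3. After resolving symlinks, the target must still be inside base_dir.
       This second check is the defence in depth that survives if step 1 is
       ever weakened, e.g. to allow subdirectories.
    """
    name = os.path.basename(requested)
    if name != requested or name in ("", ".", ".."):
        raise ValueError(f"rejected file name: {requested!r}")
    if not name.endswith(".csr"):
        raise ValueError(f"unexpected extension: {requested!r}")

    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, name))
    if os.path.commonpath([base, target]) != base:
        raise ValueError(f"path escapes {base_dir!r}: {requested!r}")
    return target


if __name__ == "__main__":
    # Constructed sample inputs: one legitimate name, two traversal attempts.
    for requested in ("device1.csr", "../../../etc/cron.d/job", "/tmp/x.csr"):
        print(f"{requested!r:32} unsafe -> {unsafe_csr_path(CSR_DIR, requested)}"
              f" (escapes: {escapes_base(CSR_DIR, requested)})")
        try:
            print(f"{'':32} safe   -> {safe_csr_path(CSR_DIR, requested)}")
        except ValueError as exc:
            print(f"{'':32} safe   -> rejected: {exc}")
```

The order of the checks matters: rejecting anything that is not a bare file name first means the later realpath/commonpath comparison is only a backstop, never the sole control, and the extension allow-list keeps the endpoint from becoming a generic "write a file here" primitive even within the permitted directory.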

Fix

Path traversal


Weakness Enumeration

Related Identifiers

BDU:2024-09670
CVE-2024-47563

Affected Products

Siemens Sinec Security Monitor