PT-2024-8704 · Sinec Ins · Sinec Ins

Published 2024-11-12 · Updated 2024-11-13 · CVE-2024-46889

CVSS v4.0: 6.9 Medium

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

SINEC INS versions prior to V1.0 SP2 Update 3

Description

A vulnerability has been identified in the affected application, which uses hard-coded cryptographic key material to obfuscate configuration files. This could allow an attacker to learn the cryptographic key material through reverse engineering of the application binary and decrypt arbitrary backup files. The issue is related to the use of a hard-coded cryptographic key, which may enable an unauthorized party to gain access to protected information.

Recommendations

For versions prior to V1.0 SP2 Update 3, update to V1.0 SP2 Update 3 or later to resolve the issue. As a temporary workaround, consider restricting access to configuration files and backup files to minimize the risk of exploitation. Avoid using the affected application for sensitive operations until the issue is resolved.

Fix


Weakness Enumeration

Related Identifiers

BDU:2024-10306
CVE-2024-46889

Affected Products

Sinec Ins