PT-2024-8719 · Siemens · Sinec Ins

Published: 2024-11-12 · Updated: 2024-11-17 · CVE-2024-46890

CVSS v4.0: 9.4 (Critical)

Vector: AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Name of the Vulnerable Software and Affected Versions

SINEC INS versions prior to V1.0 SP2 Update 3

Description

The affected application does not properly validate input sent to specific endpoints of its web API. This could allow an authenticated remote attacker with high privileges on the application to execute arbitrary code on the underlying OS.

Recommendations

For versions prior to V1.0 SP2 Update 3, update to V1.0 SP2 Update 3 or later to resolve the issue. As a temporary workaround, consider restricting access to specific endpoints of the web API to minimize the risk of exploitation. Additionally, ensure that only authenticated users with necessary privileges have access to the application to reduce the potential impact of the vulnerability.

Fix

Weakness Enumeration

OS Command Injection

Related Identifiers

BDU:2024-10322
CVE-2024-46890

Affected Products

Sinec Ins