Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly sanitize user provided paths for SFTP-based file up- and downloads. This could allow an authenticated remote attacker to manipulate arbitrary files on the filesystem and achieve arbitrary code execution on the device.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Siemens SINEC INS 路径遍历漏洞
Vulnerability Description
Siemens SINEC INS是德国西门子(Siemens)公司的一款为网络基础设施提供中央服务的软件。 Siemens SINEC INS存在路径遍历漏洞,该漏洞源于受影响的应用程序未正确清理用户提供的基于 SFTP 的文件上传和下载路径。这可能使经过身份验证的远程攻击者能够操纵文件系统上的任意文件并在设备上执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A