Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly validate input sent to specific endpoints of its web API. This could allow an authenticated remote attacker with high privileges on the application to execute arbitrary code on the underlying OS.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
Siemens SINEC INS 操作系统命令注入漏洞
Vulnerability Description
Siemens SINEC INS是德国西门子(Siemens)公司的一款为网络基础设施提供中央服务的软件。 Siemens SINEC INS存在操作系统命令注入漏洞,该漏洞源于受影响的应用程序未正确验证发送到其 Web API 特定端点的输入。这可能使具有应用程序高权限的经过身份验证的远程攻击者能够在底层操作系统上执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A