PatchSiren cyber security CVE debrief
CVE-2024-46894 Siemens CVE debrief
CVE-2024-46894 is a medium-severity authorization bypass vulnerability in Siemens SINEC INS, published on 2024-11-12. The affected application fails to properly validate user authorization for the /api/sftp/users endpoint, allowing an authenticated remote attacker to enumerate configured SFTP service users and modify that configuration. The vulnerability carries a CVSS 3.1 score of 6.3 (MEDIUM), with network attack vector, low attack complexity, low privileges required, and impacts to confidentiality, integrity, and availability. Siemens has released a vendor fix: users should update to V1.0 SP2 Update 3 or later. CISA published this advisory as ICSA-24-319-08 on 2024-11-12, with no known exploitation in the wild or KEV listing at time of publication.
- Vendor: Siemens
- Product: SINEC INS
- CVSS: 6.3 (MEDIUM)
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2024-11-12
- Original CVE updated: 2024-11-12
- Advisory published: 2024-11-12
- Advisory updated: 2024-11-12
Who should care
Organizations operating Siemens SINEC INS in industrial network environments, particularly those exposing management interfaces to operational networks or with multiple administrative users requiring SFTP service configuration access.
Technical summary
Siemens SINEC INS contains an authorization bypass vulnerability in the /api/sftp/users endpoint. The application fails to validate that an authenticated user has proper authorization before allowing queries to this endpoint. An authenticated remote attacker can exploit this flaw to obtain a list of configured SFTP service users and modify the SFTP user configuration. The vulnerability requires network access and valid credentials but no user interaction. CVSS 3.1: 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L). Remediation is available via vendor update to V1.0 SP2 Update 3 or later.
Defensive priority
medium
Recommended defensive actions
- Apply vendor fix: update Siemens SINEC INS to V1.0 SP2 Update 3 or later
- Review and audit SFTP user configurations for unauthorized modifications
- Implement network segmentation to limit access to SINEC INS management interfaces
- Monitor /api/sftp/users endpoint access for anomalous authenticated requests
- Apply principle of least privilege for SINEC INS administrative accounts
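As an added illustration of the monitoring and audit steps above (not code from Siemens or the advisory), the following script scans web access logs for successful requests to /api/sftp/users made by accounts that should not hold SFTP administration rights, and flags every request that modifies SFTP user configuration for audit. The log layout, the authenticated-user field and the admin allowlist are assumptions; the log lines are constructed for the demonstration.

```python
import re
from collections import Counter

# Assumed log layout (an assumption, not the real SINEC INS log format):
# <timestamp> <client-ip> <authenticated-user> "<METHOD> <path> HTTP/1.1" <status>
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<ip>\S+) (?P<user>\S+) '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})$'
)
SFTP_USERS_PATH = "/api/sftp/users"
MODIFYING = {"POST", "PUT", "PATCH", "DELETE"}

# Constructed sample lines: one legitimate admin read, then a non-admin account
# reading and changing the SFTP user configuration.
SAMPLE_LOG = """\
2024-11-13T08:01:02Z 10.0.5.10 ins-admin "GET /api/sftp/users HTTP/1.1" 200
2024-11-13T08:02:15Z 10.0.5.44 operator7 "GET /api/sftp/users HTTP/1.1" 200
2024-11-13T08:02:19Z 10.0.5.44 operator7 "PUT /api/sftp/users/backup HTTP/1.1" 200
2024-11-13T08:03:00Z 10.0.5.10 ins-admin "GET /api/status HTTP/1.1" 200
2024-11-13T08:04:30Z 10.0.5.44 operator7 "DELETE /api/sftp/users/audit HTTP/1.1" 204
"""


def find_sftp_user_anomalies(log_text, allowed_admins):
    """Return (findings, per_user_counts) for successful /api/sftp/users requests.

    A finding is raised when the account is not an expected SFTP administrator
    (on a vulnerable build the endpoint answers regardless of role) and for any
    modifying request, so that configuration changes can be audited."""
    findings = []
    per_user = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or not m["path"].startswith(SFTP_USERS_PATH):
            continue
        if m["status"][0] not in "23":  # denied requests are the expected outcome
            continue
        per_user[m["user"]] += 1
        reasons = []
        if m["user"] not in allowed_admins:
            reasons.append("non-admin account reached SFTP user endpoint")
        if m["method"] in MODIFYING:
            reasons.append("SFTP user configuration modified")
        if reasons:
            findings.append({"ts": m["ts"], "user": m["user"], "ip": m["ip"],
                             "method": m["method"], "path": m["path"],
                             "reasons": reasons})
    return findings, per_user
```

Run against real logs, feed the file contents and the site's actual administrator allowlist into find_sftp_user_anomalies and review each finding against change records.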
Evidence notes
Authorization failure on /api/sftp/users endpoint allows authenticated attackers to read and modify SFTP user configuration. CVSS 6.3 reflects network-accessible attack with low complexity and privilege requirements. Vendor fix available via Siemens support portal.
Official resources
- CVE-2024-46894 CVE record (CVE.org)
- CVE-2024-46894 NVD detail (NVD)
- Source item URL: cisa_csaf
- Source reference
2024-11-12