PatchSiren cyber security CVE debrief
CVE-2026-46748 Siemens CVE debrief
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected system includes a binary that is configured with the cap_dac_override capability. This capability allows the process to bypass file system permission checks, resulting in unrestricted file system access. This could allow a local attacker to escalate privileges leading to arbitrary file modification and gaining root privileges on the system.
- Vendor
- Siemens
- Product
- SINEC INS
- CVSS
- HIGH 8.7
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-09
- Original CVE updated
- 2026-06-12
- Advisory published
- 2026-06-09
- Advisory updated
- 2026-06-12
Who should care
Users of Siemens SINEC INS (All versions < V1.0 SP2 Update 6) should apply the necessary updates to prevent local attackers from escalating privileges.
Technical summary
The vulnerability exists due to a binary in SINEC INS being configured with the cap_dac_override capability, allowing unrestricted file system access.
Defensive priority
HIGH
Recommended defensive actions
- Apply updates to SINEC INS to version V1.0 SP2 Update 6 or later.
- Restrict access to sensitive areas of the system.
- Monitor system activity for suspicious behavior.
Evidence notes
The vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6).
Official resources
-
CVE-2026-46748 CVE record
CVE.org
-
CVE-2026-46748 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
CVE-2026-46748 was published on [2026-06-09T10:16:44.263Z].