Analysis
Analysis and contextual insights are available on OpenCVE Cloud.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Siemens | SINEC INS | unknown |
|
Configuration 1 [-]
|
No data.
| Vendor | Product | Confidence | Versions | ||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| Siemens | Sinec Ins | 100% |
|
Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Fri, 12 Jun 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | cpe:2.3:a:siemens:sinec_ins:*:-:*:*:*:*:*:* cpe:2.3:a:siemens:sinec_ins:1.0:sp1:*:*:*:*:*:* cpe:2.3:a:siemens:sinec_ins:1.0:sp2:*:*:*:*:*:* cpe:2.3:a:siemens:sinec_ins:1.0:sp2_update_1:*:*:*:*:*:* cpe:2.3:a:siemens:sinec_ins:1.0:sp2_update_2:*:*:*:*:*:* cpe:2.3:a:siemens:sinec_ins:1.0:sp2_update_3:*:*:*:*:*:* cpe:2.3:a:siemens:sinec_ins:1.0:sp2_update_4:*:*:*:*:*:* cpe:2.3:a:siemens:sinec_ins:1.0:sp2_update_5:*:*:*:*:*:* |
Tue, 09 Jun 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Tue, 09 Jun 2026 12:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Siemens
Siemens sinec Ins |
|
| Vendors & Products |
Siemens
Siemens sinec Ins |
Tue, 09 Jun 2026 12:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Path Traversal in SINEC INS /api/sftp/uploadFiles Endpoint |
Tue, 09 Jun 2026 10:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected application does not properly sanitize path input in the `GET /api/sftp/uploadFiles` endpoint used for directory listing. This allows path traversal through crafted input, enabling access to unintended file system locations. | |
| Weaknesses | CWE-26 | |
| References |
| |
| Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: siemens
Published:
Updated: 2026-06-09T14:37:31.164Z
Reserved: 2026-05-18T09:37:25.766Z
Link: CVE-2026-46747
Vulnrichment
Updated: 2026-06-09T14:37:07.659Z
NVD
Status : Analyzed
Published: 2026-06-09T10:16:44.130
Modified: 2026-06-12T15:28:46.490
Link: CVE-2026-46747
Redhat
No data.
OpenCVE Enrichment
Updated: 2026-06-09T12:30:03Z