Every CVE whose affected-product data names Siemens Sinec Ins, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (42)
CVE-2022-45092 — CVSS 9.9 (critical): A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticated remote attacker with access to the…
CVE-2024-46888 — CVSS 9.9 (critical): A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly sanitize…
CVE-2024-46890 — CVSS 9.1 (critical): A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly validate…
CVE-2021-22945 — CVSS 9.1 (critical): When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already…
CVE-2022-35255 — CVSS 9.1 (critical): A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGe…
CVE-2026-46746 — CVSS 8.8 (high): A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The application does not properly sanitize user input…
CVE-2026-46748 — CVSS 8.8 (high): A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected system includes a binary that is…
CVE-2022-45093 — CVSS 8.5 (high): A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticated remote attacker with access to the…
CVE-2022-45094 — CVSS 8.4 (high): A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticated remote attacker with access to the…
CVE-2022-32212 — CVSS 8.1 (high): A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that…
CVE-2023-48427 — CVSS 8.1 (high): A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). Affected products do not properly validate the…
CVE-2020-12762 — CVSS 7.8 (high): json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.
CVE-2020-7793 — CVSS 7.5 (high): The package ua-parser-js before 0.7.23 are vulnerable to Regular Expression Denial of Service (ReDoS) in multiple regexes (see linked…
CVE-2026-46749 — CVSS 7.5 (high): A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected application uses a password hashing…
CVE-2021-25217 — CVSS 7.4 (high): In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and…
CVE-2022-2068 — CVSS 7.3 (high): In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not…
CVE-2023-48428 — CVSS 7.2 (high): A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The radius configuration mechanism of affected…
CVE-2021-23337 — CVSS 7.2 (high): Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.
CVE-2023-48431 — CVSS 6.8 (medium): A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). Affected software does not correctly validate the…
CVE-2022-0155 — CVSS 6.5 (medium): follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor
CVE-2022-35256 — CVSS 6.5 (medium): The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may…
CVE-2022-32215 — CVSS 6.5 (medium): The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding…
CVE-2022-32213 — CVSS 6.5 (medium): The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding…
CVE-2024-46894 — CVSS 6.3 (medium): A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly validate…
CVE-2021-23841 — CVSS 5.9 (medium): The OpenSSL public API function X509_issuer_and_serial_hash() attempts to create a unique hash value based on the issuer and serial number…
CVE-2020-28168 — CVSS 5.9 (medium): Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by…
CVE-2021-4160 — CVSS 5.9 (medium): There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS…
CVE-2022-2097 — CVSS 5.3 (medium): AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under…
CVE-2022-32222 — CVSS 5.3 (medium): A cryptographic vulnerability exists on Node.js on linux in versions of 18.x prior to 18.40.0 which allowed a default path for openssl.cnf…
CVE-2024-46889 — CVSS 5.3 (medium): A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application uses hard-coded cryptographic…
CVE-2024-46891 — CVSS 5.3 (medium): A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly restrict…
CVE-2020-28500 — CVSS 5.3 (medium): Lodash versions prior to 4.17.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the toNumber, trim and trimEnd…
CVE-2022-0396 — CVSS 5.3 (medium): BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted…
CVE-2024-46892 — CVSS 4.9 (medium): A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly invalidate…
CVE-2026-46747 — CVSS 4.3 (medium): A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected application does not properly sanitize…
CVE-2021-23839 — CVSS 3.7 (low): OpenSSL 1.0.2 supports SSLv2. If a client attempts to negotiate SSLv2 with a server that is configured to support both SSLv2 and more…
CVE-2023-48430 — CVSS 2.7 (low): A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The REST API of affected devices does not check the…
CVE-2023-48429 — CVSS 2.7 (low): A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). The Web UI of affected devices does not check the…