CVE-2024-46889

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Nov 12, 2024

Updated: Nov 13, 2024

CWE ID 321

Summary

CVE-2024-46889 is a newly identified vulnerability affecting all versions of SINEC INS (Integrated Information Systems) prior to V1.0 SP2 Update 3. The weakness lies in the use of hard-coded cryptographic key material to secure configuration files. An attacker can exploit this by reverse engineering the application binary, gaining unauthorized access to the cryptographic keys and the ability to decrypt arbitrary backup files. This vulnerability poses a significant risk to data confidentiality and should be addressed promptly through the installation of the latest software update.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/yj8JKc
https://www.cve.org/CVERecord?id=CVE-2024-46889
https://nvd.nist.gov/vuln/detail/CVE-2024-46889

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

DRAT V2: Updated DRAT Emerges in TAG-140’s Arsenal

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

Know What Matters

For Customers

For Partners

CVE-2024-46889

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations