Product:

Sinec_ins

(Siemens)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 31
Date Id Summary Products Score Patch Annotated
2022-07-14 CVE-2022-32213 The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS). Debian_linux, Fedora, Llhttp, Node\.js, Sinec_ins, Stormshield_management_center 6.5
2022-07-14 CVE-2022-32215 The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS). Debian_linux, Fedora, Llhttp, Node\.js, Sinec_ins, Stormshield_management_center 6.5
2022-07-14 CVE-2022-32222 A cryptographic vulnerability exists on Node.js on linux in versions of 18.x prior to 18.40.0 which allowed a default path for openssl.cnf that might be accessible under some circumstances to a non-admin user instead of /etc/ssl as was the case in versions prior to the upgrade to OpenSSL 3. Node\.js, Sinec_ins 5.3
2022-12-05 CVE-2022-35256 The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling. Debian_linux, Llhttp, Node\.js, Sinec_ins 6.5
2022-12-05 CVE-2022-35255 A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. There are two problems with this: 1) It does not check the return value, it assumes EntropySource() always succeeds, but it can (and sometimes will) fail. 2) The random data returned byEntropySource() may not be cryptographically strong and therefore not suitable as keying material. Debian_linux, Node\.js, Sinec_ins 9.1
2022-07-14 CVE-2022-32212 A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks. Debian_linux, Fedora, Node\.js, Sinec_ins 8.1
2022-01-16 CVE-2022-0235 node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor Debian_linux, Node\-Fetch, Sinec_ins 6.1
2023-01-10 CVE-2022-45093 A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticated remote attacker with access to the Web Based Management (443/tcp) of the affected product as well as with access to the SFTP server of the affected product (22/tcp), could potentially read and write arbitrary files from and to the device's file system. An attacker might leverage this to trigger remote code execution on the affected component. Sinec_ins 8.8
2023-01-10 CVE-2022-45092 A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticated remote attacker with access to the Web Based Management (443/tcp) of the affected product, could potentially read and write arbitrary files from and to the device's file system. An attacker might leverage this to trigger remote code execution on the affected component. Sinec_ins 8.8
2023-01-10 CVE-2022-45094 A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 1). An authenticated remote attacker with access to the Web Based Management (443/tcp) of the affected product, could potentially inject commands into the dhcpd configuration of the affected product. An attacker might leverage this to trigger remote code execution on the affected component. Sinec_ins 8.8