CVE-2024-47563: Path Traversal
First published: Tue Oct 08 2024(Updated: )
A vulnerability has been identified in Siemens SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly validate a file path that is supplied to an endpoint intended to create CSR files. This could allow an unauthenticated remote attacker to create files in writable directories outside the intended location and thus compromise integrity of files in those writable directories.
Credit: productcert@siemens.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Siemens SINEC Security Monitor | <4.9.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-47563?
CVE-2024-47563 is considered a critical vulnerability due to its potential for unauthenticated remote exploitation.
How do I fix CVE-2024-47563?
To mitigate CVE-2024-47563, upgrade Siemens SINEC Security Monitor to version 4.9.0 or higher.
What version of Siemens SINEC Security Monitor is affected by CVE-2024-47563?
All versions of Siemens SINEC Security Monitor prior to version 4.9.0 are affected by CVE-2024-47563.
Can CVE-2024-47563 be exploited remotely?
Yes, CVE-2024-47563 can be exploited by unauthenticated remote attackers.
What type of attack does CVE-2024-47563 allow?
CVE-2024-47563 allows attackers to create files in writable directories due to improper file path validation.
- agent/weakness
- agent/references
- agent/first-publish-date
- agent/description
- agent/type
- agent/author
- agent/severity
- agent/event
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/tags
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/source
- vendor/siemens
- canonical/siemens sinec security monitor