CVE-2026-46749

Summary

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected application uses a password hashing implementation with a static, hardcoded salt shared across all users and installations, and is configured with an insufficient number of iterations. This could allow an attacker to efficiently recover user passwords using brute-force or precomputed attacks, potentially resulting in unauthorized access.

Affected Software

VendorProductVersion RangeStatus
SiemensSINEC INS0 < V1.0 SP2 Update 6affected

Weaknesses

  • CWE-760: CWE-760: Use of a One-Way Hash with a Predictable Salt

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References