A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected system includes a binary that is configured with the cap_dac_override capability. This capability allows the process to bypass file system permission checks, resulting in unrestricted file system access. This could allow a local attacker to escalate privileges leading to arbitrary file modification and gaining root privileges on the system.
| Vendor | Product | Versions |
|---|---|---|
| siemens | sinec ins | 0 |
Updated severity to CRITICAL, added affected version 1.0 SP2 Update 5, and marked the vulnerability as actively exploited.
Initial creation
