Siemens SINEC INS Path Traversal Vulnerability in SFTP File Upload Endpoint

Vulnerability

A path traversal vulnerability has been identified in Siemens SINEC INS, all versions prior to V1.0 SP2 Update 6. The issue arises in the 'GET /api/sftp/uploadFiles' endpoint, which is used for directory listing. The application fails to properly sanitize path input, allowing crafted input to traverse directories and access unintended file system locations.
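An added illustration of the defect class described above, not Siemens code and not part of the original advisory: a directory-listing helper that resolves the client-supplied path first and only then checks that it is still inside the served root. The function names, the directory layout and the request strings are constructed for this example; the advisory does not describe the product's implementation.

```python
import os
import tempfile
from pathlib import Path

class PathRejected(Exception):
    """Raised when a requested path must not be listed."""

def resolve_inside(root: Path, requested: str) -> Path:
    """Map a client-supplied relative path onto root, or raise PathRejected."""
    if "\x00" in requested:
        raise PathRejected("NUL byte in path")
    root = root.resolve(strict=True)
    # Strip leading separators: Path('/srv') / '/etc' would evaluate to '/etc'.
    candidate = (root / requested.lstrip("/\\")).resolve(strict=False)
    # Compare after resolution, when '..' segments and symlinks are collapsed.
    if candidate != root and root not in candidate.parents:
        raise PathRejected(f"{requested!r} escapes {root}")
    return candidate

def list_directory(root: Path, requested: str) -> list[str]:
    """Directory listing restricted to root (hypothetical handler body)."""
    target = resolve_inside(root, requested)
    if not target.is_dir():
        raise PathRejected("not a directory")
    return sorted(entry.name for entry in target.iterdir())

def demo() -> dict[str, str]:
    """Run constructed inputs against a temporary tree and report outcomes."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "sftp_root"
        (root / "uploads").mkdir(parents=True)
        (root / "uploads" / "config.bak").write_text("x")
        (Path(tmp) / "secret").mkdir()
        os.symlink(Path(tmp) / "secret", root / "link")  # points outside root
        for req in ["uploads", "", "uploads/../uploads", "../secret",
                    "uploads/../../secret", "/etc", "link"]:
            try:
                results[req] = ",".join(list_directory(root, req))
            except PathRejected:
                results[req] = "REJECTED"
    return results

if __name__ == "__main__":
    for req, outcome in demo().items():
        print(f"{req!r:28} -> {outcome}")
```

Filtering the raw string for `..` is not equivalent: the `link` case contains no traversal sequence and is only caught because the comparison happens after resolution.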

Impact

Exploitation of this vulnerability could lead to unauthorized access to restricted file system areas, potentially allowing for the manipulation or extraction of sensitive files.

Remediation

Users are advised to update to Siemens SINEC INS V1.0 SP2 Update 6 or later. For more information, visit the Siemens Industry Support page.

Added: Jun 9, 2026, 10:28 AM
Updated: Jun 9, 2026, 10:28 AM

Vulnerability Rating

Custom Algorithm

spread: 1.4
impact: 0.6
exploitability: 4.9
remediation: 7.7
relevance: 9.4
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.