Siemens SINEC INS Password Hashing Vulnerability Allowing Password Recovery

Vulnerability

A vulnerability exists in Siemens SINEC INS versions prior to V1.0 SP2 Update 6, due to a password hashing method that employs a static, hardcoded salt shared among all users and installations, combined with an inadequate number of iterations. This flaw could enable an attacker to efficiently recover user passwords through brute-force or precomputed attacks, potentially leading to unauthorized access.
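The weakness class described above, shown beside a corrected form. This is an added example, not code from Siemens or from this advisory. The advisory does not name the hash function, the salt value or the iteration count, so PBKDF2-HMAC-SHA256, `STATIC_SALT`, both iteration constants and all function names are assumptions made for illustration.

```python
from __future__ import annotations
import hashlib
import hmac
import os

# Assumed stand-ins: the advisory does not state the real KDF, salt or
# iteration count, so these values are constructed for the example.
STATIC_SALT = b"constructed-static-salt"  # same bytes for every user and install
WEAK_ITERATIONS = 1_000                   # constructed "inadequate" work factor
STRONG_ITERATIONS = 600_000               # OWASP guidance for PBKDF2-HMAC-SHA256

def weak_hash(password: str) -> bytes:
    """Flawed pattern: one hardcoded salt and a low iteration count."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), STATIC_SALT, WEAK_ITERATIONS)

def hardened_hash(password: str, salt: bytes | None = None,
                  iterations: int = STRONG_ITERATIONS) -> str:
    """Corrected pattern: fresh random salt per password, parameters stored with the hash."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"

def verify(password: str, record: str) -> bool:
    """Recompute with the stored salt and iterations, then compare in constant time."""
    scheme, iterations, salt_hex, digest_hex = record.split("$")
    if scheme != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                    bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))

def needs_rehash(record: str, minimum: int = STRONG_ITERATIONS) -> bool:
    """Flag records with a lower work factor so they can be upgraded at next login."""
    return int(record.split("$")[1]) < minimum

def shared_hash_groups(rows: dict[str, bytes]) -> list[list[str]]:
    """Audit helper: accounts whose stored hashes are byte-identical (a static-salt symptom)."""
    groups: dict[bytes, list[str]] = {}
    for user, digest in rows.items():
        groups.setdefault(digest, []).append(user)
    return [sorted(users) for users in groups.values() if len(users) > 1]
```

With the static salt, any two accounts that share a password store the same hash, so work done against one hash applies to every user and every installation; with a per-password salt the stored records differ even for identical passwords.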

Impact

Exploitation of this vulnerability could result in unauthorized access to user accounts by allowing attackers to recover passwords from their stored hashes and bypass authentication.

Remediation

Users are advised to update to Siemens SINEC INS V1.0 SP2 Update 6 or a later version. For more information, visit the Siemens Industry Support page.

Added: Jun 9, 2026, 10:26 AM
Updated: Jun 9, 2026, 10:26 AM

Vulnerability Rating

Custom Algorithm

spread: 1.4
impact: 2.5
exploitability: 3.5
remediation: 7.7
relevance: 9.4
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.