Description
A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected system includes a binary that is configured with the cap_dac_override capability. This capability allows the process to bypass file system permission checks, resulting in unrestricted file system access. This could allow a local attacker to escalate privileges leading to arbitrary file modification and gaining root privileges on the system.
Published: 2026-06-09
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A binary in Siemens SINEC INS is configured with the cap_dac_override capability, which lets the process bypass standard file permission checks. This gives the process unrestricted access to the file system, enabling a local attacker to modify arbitrary files and eventually gain root privileges. The weakness is classified as CWE-250 (Execution with Unnecessary Privileges), leading to complete loss of integrity and confidentiality for the host.

Affected Systems

Siemens SINEC INS versions prior to V1.0 SP2 Update 6 are affected. Specifically, any installation that includes the vulnerable binary with the cap_dac_override capability is at risk.

Risk and Exploitability

The CVSS score of 8.7 indicates a high severity vulnerability. The EPSS score is below 1% (Very Low) and the CVE is not listed in KEV, but neither diminishes the local exploitation risk: a user with local access can directly launch the vulnerable binary. The likely attack vector is a local privilege escalation path that requires the attacker to run or trigger the vulnerable process. Once file system permission checks are bypassed, the attacker can modify system files and achieve full root control, effectively compromising the entire system.

Generated by OpenCVE AI on June 9, 2026 at 11:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Siemens SINEC INS update that removes or restricts cap_dac_override capability
  • Reconfigure or replace the affected binary to run without the cap_dac_override flag or remove set‑uid status
  • Enforce capability restrictions on the system using policy or containerization to prevent binaries from gaining elevated privileges
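The second recommended action above depends on first finding which files carry the capability. This added example (not OpenCVE's or Siemens' code) is a shell filter that reads `getcap -r` output and lists files whose file capabilities grant cap_dac_override. The sample lines and the `/opt/example/...` paths are constructed, because the advisory does not name the affected binary.

```shell
#!/usr/bin/env bash
# Added example: flag files whose file capabilities grant cap_dac_override.

# Reads `getcap -r` output on stdin and prints each path whose capability text
# puts cap_dac_override (or every capability) in the permitted or effective
# set. Later "-" clauses are ignored, so the filter may over-report.
flag_dac_override() {
  awk '
  {
    line = $0
    sub(/ = /, " ", line)   # older libcap prints "path = caps"
    # The capability text is the trailing run of "names<op>flags" clauses.
    if (!match(line, /( [a-z0-9_,]*([-+=][eip]*)+)+$/)) next
    path = substr(line, 1, RSTART - 1)
    n = split(substr(line, RSTART + 1), clause, " ")
    for (i = 1; i <= n; i++) {
      op = match(clause[i], /[-+=]/)
      names = "," substr(clause[i], 1, op - 1) ","
      acts = substr(clause[i], op)
      # An empty name list or "all" means every capability.
      covers = (names == ",," || index(names, ",all,") ||
                index(names, ",cap_dac_override,"))
      if (covers && acts ~ /[+=][eip]*[ep]/) { print path; next }
    }
  }'
}

# Audit a directory tree on a live host (needs getcap from libcap).
audit_tree() { getcap -r "${1:-/}" 2>/dev/null | flag_dac_override; }

# Constructed sample of getcap output; every path is hypothetical.
sample_getcap_output() {
  cat <<'EOF'
/usr/bin/ping cap_net_raw=ep
/opt/example/bin/helper cap_dac_override=ep
/opt/example/bin/legacy tool = cap_net_raw,cap_dac_override+ep
/opt/example/bin/allcaps =ep
/opt/example/bin/inherit cap_dac_override=i
/opt/example/bin/reader cap_dac_read_search=ep
EOF
}

# Demo on the constructed sample. On a real host run: audit_tree /
# After confirming a file does not need the capability, `setcap -r <path>`
# removes its file capabilities.
sample_getcap_output | flag_dac_override
```

An inheritable-only entry (`=i`) is not reported, because it grants nothing unless the calling process already holds the capability in its inheritable set.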

Advisories

No advisories yet.

History

Tue, 09 Jun 2026 16:30:00 +0000

Type: Metrics
Values Removed: (none)
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 09 Jun 2026 12:45:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Siemens; Siemens sinec Ins

Type: Vendors & Products
Values Removed: (none)
Values Added: Siemens; Siemens sinec Ins

Tue, 09 Jun 2026 11:45:00 +0000

Type: Title
Values Removed: (none)
Values Added: Privilege Escalation via cap_dac_override in Siemens SINEC INS

Tue, 09 Jun 2026 10:15:00 +0000

Type: Description
Values Removed: (none)
Values Added: A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 6). The affected system includes a binary that is configured with the cap_dac_override capability. This capability allows the process to bypass file system permission checks, resulting in unrestricted file system access. This could allow a local attacker to escalate privileges leading to arbitrary file modification and gaining root privileges on the system.

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-250

Type: References
Values Removed: (none)
Values Added: (none)

Type: Metrics
Values Removed: (none)
Values Added:
cvssV3_1 {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}
cvssV4_0 {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


Subscriptions

Siemens Sinec Ins
MITRE

Status: PUBLISHED

Assigner: siemens

Published:

Updated: 2026-06-09T16:06:36.328Z

Reserved: 2026-05-18T09:37:25.766Z

Link: CVE-2026-46748

Vulnrichment

Updated: 2026-06-09T16:06:32.530Z

NVD

Status: Awaiting Analysis

Published: 2026-06-09T10:16:44.263

Modified: 2026-06-09T13:49:39.993

Link: CVE-2026-46748

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-09T12:30:03Z