Siemens patches flaws that let attackers hijack network management servers

Siemens has patched a set of vulnerabilities in SINEC INS, its network management platform, the most serious of which let an attacker run commands on the server. The flaws matter because SINEC INS (Infrastructure Network Services) is used to manage networks across critical-infrastructure sectors including manufacturing, energy, transportation, healthcare, finance, and government. Siemens ProductCERT reported the issues, and CISA republished the advisory on June 23, 2026.

What's affected

All versions of SINEC INS before V1.0 SP2 Update 6 (build 1.0.2.6) are affected by four flaws. The headline bug, CVE-2026-46746 (rated 8.8 out of 10), is an operating-system command injection in the product's file-upload interface: the application fails to sanitize directory names, so an authenticated remote attacker can plant shell commands that execute when a directory listing is later retrieved, running with the privileges of the service account. A second high-severity flaw, CVE-2026-46748 (also 8.8), stems from a bundled binary granted a Linux capability that bypasses file-permission checks, letting a local attacker escalate to root. Chained together, the two would give an attacker full control of the host.

The remaining two are lower severity. CVE-2026-46749 (7.5) is a predictable password-hashing weakness: a static, hardcoded salt is shared across every installation and the hashing uses too few iterations, so stored passwords can be recovered through brute-force or precomputed attacks. CVE-2026-46747 (4.3) is a path traversal flaw in the same file-upload endpoint that exposes files outside the intended directory.
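As an added illustration, not code from Siemens or from the advisory, the following Python audits a set of stored password records for the two weaknesses just described (one salt shared across accounts and a low iteration count) and shows the hardened form beside a deliberately weak one. The record format, user names and passwords are constructed for this example and do not reflect how SINEC INS stores credentials.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed format for this example (not SINEC INS's real storage): pbkdf2_sha256$<iters>$<salt hex>$<digest hex>
MIN_ITERATIONS = 600_000  # OWASP's current floor for PBKDF2-HMAC-SHA256

def parse_record(record):
    algo, iters, salt_hex, digest_hex = record.split("$")
    return algo, int(iters), bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)

def audit_records(records, min_iterations=MIN_ITERATIONS):
    """Flag a salt shared across accounts, too few iterations, and the digest collisions a shared salt causes."""
    parsed = {user: parse_record(rec) for user, rec in records.items()}
    salt_counts = Counter(p[2] for p in parsed.values())
    digest_counts = Counter(p[3] for p in parsed.values())
    findings = {}
    for user, (_, iters, salt, digest) in parsed.items():
        issues = []
        if salt_counts[salt] > 1:
            issues.append("shared salt")
        if iters < min_iterations:
            issues.append(f"low iterations ({iters})")
        if digest_counts[digest] > 1:
            issues.append("identical digest")  # same password + same salt => same hash
        if issues:
            findings[user] = issues
    return findings

def hash_password(password, iterations=MIN_ITERATIONS):
    """Hardened form: a fresh random 16-byte salt per record and a real work factor."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"

def verify_password(password, record):
    _, iters, salt, digest = parse_record(record)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iters)
    return hmac.compare_digest(candidate, digest)

def weak_hash(password, salt=bytes(16), iterations=1000):
    """Deliberately weak, mirroring the flaw: one fixed salt for everyone, few rounds."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"

# Constructed sample records; two accounts happen to share a password.
WEAK_RECORDS = {"admin": weak_hash("admin-pw"),
                "operator": weak_hash("changeme"),
                "viewer": weak_hash("changeme")}
```

Running `audit_records(WEAK_RECORDS)` flags every account, while records produced by `hash_password` pass clean because each carries its own random salt.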

How serious is it?

The command-injection and privilege-escalation bugs require some level of authenticated access, which raises the bar slightly, but together they form a realistic path from a low-privileged account to root on a system that sits at the heart of network operations. There is no indication so far that any of these flaws have been exploited in the wild; this is a vendor disclosure, not an incident report.

What you should do

Siemens recommends updating SINEC INS to V1.0 SP2 Update 6 or later, which fixes all four issues. Because the platform manages critical-infrastructure networks, CISA's standard guidance applies with extra force: keep the system off the public internet, place it behind firewalls and isolate it from business networks, and use a well-maintained VPN where remote access is genuinely required. Rotating credentials after patching is prudent given the password-hashing weakness.

This briefing is provided by IntelFusions for informational and defensive purposes only. It is based on sources assessed to be reliable at the time of writing, and analytic judgments carry the confidence levels indicated. Indicators of compromise are defanged; re-arm them only in controlled environments. IntelFusions is not affiliated with the organizations named and makes no warranty as to completeness or accuracy.