SiemensCVE-2024-41906CVE-2024-41906
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CVSS4
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/SC:N/VI:L/SI:N/VA:N/SA:N
AI Score
Confidence
Low
EPSS
Percentile
17.7%
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application does not properly handle cacheable HTTP responses in the web service. This could allow an attacker to read and modify data stored in the local cache.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| siemens | sinec_traffic_analyzer | * | cpe:2.3:a:siemens:sinec_traffic_analyzer:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "Siemens",
"product": "SINEC Traffic Analyzer",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "V2.0",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
}
]Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CVSS4
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/SC:N/VI:L/SI:N/VA:N/SA:N
AI Score
Confidence
Low
EPSS
Percentile
17.7%