Lucene search

SiemensCVELIST:CVE-2024-41905

HistoryAug 13, 2024 - 7:54 a.m.

CVE-2024-41905

2024-08-1307:54:25

CWE-284

siemens

www.cve.org

vulnerability

sinec traffic analyzer

access control

authenticated attacker

sensitive information

CVSS3

6.8

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

CVSS4

7.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/SC:N/VI:H/SI:N/VA:N/SA:N

EPSS

0.001

Percentile

18.4%

JSON

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application do not have access control for accessing the files. This could allow an authenticated attacker with low privilege’s to get access to sensitive information.

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "SINEC Traffic Analyzer",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V2.0",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

cert-portal.siemens.com/productcert/html/ssa-716317.html

CVSS3

6.8

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

CVSS4

7.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/SC:N/VI:H/SI:N/VA:N/SA:N

EPSS

0.001

Percentile

18.4%

JSON

Related for CVELIST:CVE-2024-41905