ID

VAR-202406-0062


CVE

CVE-2024-35211


TITLE

Sensitive cookie in HTTPS session without 'Secure' attribute vulnerability in Siemens SINEC Traffic Analyzer

Trust: 0.8

sources: JVNDB: JVNDB-2024-004986

DESCRIPTION

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected web server, after a successful login, sets the session cookie on the browser, without applying any security attributes (such as “Secure”, “HttpOnly”, or “SameSite”). Siemens SINEC Traffic Analyzer contains a vulnerability related to a sensitive cookie in an HTTPS session without the 'Secure' attribute. Information may be obtained. SINEC Traffic Analyzer is an on-premises application that monitors PNIO (PROFINET IO) communication between controllers and IO devices. The software detects PROFINET communication problems and reports them to the user via the Web-UI.

Trust: 2.16

sources: NVD: CVE-2024-35211 // JVNDB: JVNDB-2024-004986 // CNVD: CNVD-2024-26696

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-26696

AFFECTED PRODUCTS

vendor: siemens, model: sinec traffic analyzer, scope: lt, version: 1.2

Trust: 1.6

vendor: Siemens, model: sinec traffic analyzer, scope: eq, version: 1.2

Trust: 0.8

vendor: Siemens, model: sinec traffic analyzer, scope: -, version: -

Trust: 0.8

vendor: Siemens, model: sinec traffic analyzer, scope: eq, version: -

Trust: 0.8

sources: CNVD: CNVD-2024-26696 // JVNDB: JVNDB-2024-004986 // NVD: CVE-2024-35211

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2024-35211
value: MEDIUM

Trust: 1.0

productcert@siemens.com: CVE-2024-35211
value: HIGH

Trust: 1.0

NVD: CVE-2024-35211
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2024-26696
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2024-26696
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2024-35211
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: CVE-2024-35211
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2024-26696 // JVNDB: JVNDB-2024-004986 // NVD: CVE-2024-35211 // NVD: CVE-2024-35211

PROBLEMTYPE DATA

problemtype:CWE-614

Trust: 1.0

problemtype:Sensitive cookie in HTTPS session without 'Secure' attribute (CWE-614) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-004986 // NVD: CVE-2024-35211

PATCH

title: Patch for Siemens SINEC Traffic Analyzer Logic Flaw Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/555081

Trust: 0.6

sources: CNVD: CNVD-2024-26696

EXTERNAL IDS

db: NVD, id: CVE-2024-35211

Trust: 3.2

db: SIEMENS, id: SSA-196737

Trust: 2.4

db: JVNDB, id: JVNDB-2024-004986

Trust: 0.8

db: CNVD, id: CNVD-2024-26696

Trust: 0.6

sources: CNVD: CNVD-2024-26696 // JVNDB: JVNDB-2024-004986 // NVD: CVE-2024-35211

REFERENCES

url:https://cert-portal.siemens.com/productcert/html/ssa-196737.html

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2024-35211

Trust: 0.8

sources: CNVD: CNVD-2024-26696 // JVNDB: JVNDB-2024-004986 // NVD: CVE-2024-35211

SOURCES

db: CNVD, id: CNVD-2024-26696
db: JVNDB, id: JVNDB-2024-004986
db: NVD, id: CVE-2024-35211

LAST UPDATE DATE

2024-08-15T11:10:12.965000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2024-26696, date: 2024-06-12T00:00:00
db: JVNDB, id: JVNDB-2024-004986, date: 2024-08-08T01:03:00
db: NVD, id: CVE-2024-35211, date: 2024-08-06T15:10:56.163

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2024-26696, date: 2024-06-12T00:00:00
db: JVNDB, id: JVNDB-2024-004986, date: 2024-08-08T00:00:00
db: NVD, id: CVE-2024-35211, date: 2024-06-11T12:15:17.643