Details of VAR-202406-0064

ID

VAR-202406-0064

CVE

CVE-2024-35212

TITLE

Siemens' sinec traffic analyzer Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2024-004998

DESCRIPTION

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected application lacks input validation due to which an attacker can gain access to the Database entries. Siemens' sinec traffic analyzer Exists in unspecified vulnerabilities.Information may be obtained. SINEC Traffic Analyzer is an on-premises application that monitors PNIO (PROFINET IO) communication between controllers and IO devices. The software detects PROFINET communication problems and reports them to the user via the Web-UI

Trust: 2.16

sources: NVD: CVE-2024-35212 // JVNDB: JVNDB-2024-004998 // CNVD: CNVD-2024-26695

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2024-26695

AFFECTED PRODUCTS

vendor:	siemens	model:	sinec traffic analyzer	scope:	lt	version:	1.2	Trust: 1.6
vendor:	シーメンス	model:	sinec traffic analyzer	scope:	eq	version:	1.2	Trust: 0.8
vendor:	シーメンス	model:	sinec traffic analyzer	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	sinec traffic analyzer	scope:	eq	version:	-	Trust: 0.8

sources: CNVD: CNVD-2024-26695 // JVNDB: JVNDB-2024-004998 // NVD: CVE-2024-35212

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2024-35212
value:	HIGH
Trust: 1.0
productcert@siemens.com:	CVE-2024-35212
value:	HIGH
Trust: 1.0
NVD:	CVE-2024-35212
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2024-26695
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2024-26695
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2024-35212
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 2.0
NVD:	CVE-2024-35212
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2024-26695 // JVNDB: JVNDB-2024-004998 // NVD: CVE-2024-35212 // NVD: CVE-2024-35212

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.0
problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-004998 // NVD: CVE-2024-35212

PATCH

title:

Patch for Siemens SINEC Traffic Analyzer Input Validation Error Vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/555076

Trust: 0.6

sources: CNVD: CNVD-2024-26695

EXTERNAL IDS

db:	NVD	id:	CVE-2024-35212	Trust: 3.2
db:	SIEMENS	id:	SSA-196737	Trust: 2.4
db:	JVN	id:	JVNVU96920775	Trust: 0.8
db:	JVNDB	id:	JVNDB-2024-004998	Trust: 0.8
db:	CNVD	id:	CNVD-2024-26695	Trust: 0.6

sources: CNVD: CNVD-2024-26695 // JVNDB: JVNDB-2024-004998 // NVD: CVE-2024-35212

REFERENCES

url:	https://cert-portal.siemens.com/productcert/html/ssa-196737.html	Trust: 2.4
url:	https://jvn.jp/vu/jvnvu96920775	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2024-35212	Trust: 0.8

sources: CNVD: CNVD-2024-26695 // JVNDB: JVNDB-2024-004998 // NVD: CVE-2024-35212

SOURCES

db:	CNVD	id:	CNVD-2024-26695
db:	JVNDB	id:	JVNDB-2024-004998
db:	NVD	id:	CVE-2024-35212

LAST UPDATE DATE

2024-08-15T10:48:05.229000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2024-26695	date:	2024-06-12T00:00:00
db:	JVNDB	id:	JVNDB-2024-004998	date:	2024-08-08T01:39:00
db:	NVD	id:	CVE-2024-35212	date:	2024-08-06T15:11:27.243

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2024-26695	date:	2024-06-12T00:00:00
db:	JVNDB	id:	JVNDB-2024-004998	date:	2024-08-08T00:00:00
db:	NVD	id:	CVE-2024-35212	date:	2024-06-11T12:15:17.897