Details of VAR-202406-0066

ID

VAR-202406-0066

CVE

CVE-2024-35208

TITLE

Siemens' sinec traffic analyzer Vulnerability regarding insufficient protection of authentication information in

Trust: 0.8

sources: JVNDB: JVNDB-2024-004997

DESCRIPTION

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected web server stored the password in cleartext. This could allow attacker in a privileged position to obtain access passwords. SINEC Traffic Analyzer is an on-premises application that monitors PNIO (PROFINET IO) communication between controllers and IO devices. The software detects PROFINET communication problems and reports them to the user via the Web-UI. Siemens SINEC Traffic Analyzer has an insufficient credential protection vulnerability, which is caused by the web server storing passwords in plain text, which can be exploited by attackers to obtain access passwords

Trust: 2.16

sources: NVD: CVE-2024-35208 // JVNDB: JVNDB-2024-004997 // CNVD: CNVD-2024-26699

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2024-26699

AFFECTED PRODUCTS

vendor:	siemens	model:	sinec traffic analyzer	scope:	lt	version:	1.2	Trust: 1.6
vendor:	シーメンス	model:	sinec traffic analyzer	scope:	eq	version:	1.2	Trust: 0.8
vendor:	シーメンス	model:	sinec traffic analyzer	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	sinec traffic analyzer	scope:	eq	version:	-	Trust: 0.8

sources: CNVD: CNVD-2024-26699 // JVNDB: JVNDB-2024-004997 // NVD: CVE-2024-35208

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2024-35208
value:	MEDIUM
Trust: 1.0
productcert@siemens.com:	CVE-2024-35208
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2024-35208
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2024-26699
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2024-26699
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:L/AC:L/AU:S/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.1
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2024-35208
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
productcert@siemens.com:	CVE-2024-35208
baseSeverity:	MEDIUM
baseScore:	6.3
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	2.0
impactScore:	3.7
version:	3.1
Trust: 1.0
NVD:	CVE-2024-35208
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2024-26699 // JVNDB: JVNDB-2024-004997 // NVD: CVE-2024-35208 // NVD: CVE-2024-35208

PROBLEMTYPE DATA

problemtype:	CWE-522	Trust: 1.0
problemtype:	Inadequate protection of credentials (CWE-522) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2024-004997 // NVD: CVE-2024-35208

PATCH

title:

Patch for Siemens SINEC Traffic Analyzer Insufficient Credential Protection Vulnerability

url:

https://www.cnvd.org.cn/patchInfo/show/555096

Trust: 0.6

sources: CNVD: CNVD-2024-26699

EXTERNAL IDS

db:	NVD	id:	CVE-2024-35208	Trust: 3.2
db:	SIEMENS	id:	SSA-196737	Trust: 2.4
db:	JVNDB	id:	JVNDB-2024-004997	Trust: 0.8
db:	CNVD	id:	CNVD-2024-26699	Trust: 0.6

sources: CNVD: CNVD-2024-26699 // JVNDB: JVNDB-2024-004997 // NVD: CVE-2024-35208

REFERENCES

url:	https://cert-portal.siemens.com/productcert/html/ssa-196737.html	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2024-35208	Trust: 0.8

sources: CNVD: CNVD-2024-26699 // JVNDB: JVNDB-2024-004997 // NVD: CVE-2024-35208

SOURCES

db:	CNVD	id:	CNVD-2024-26699
db:	JVNDB	id:	JVNDB-2024-004997
db:	NVD	id:	CVE-2024-35208

LAST UPDATE DATE

2024-08-15T12:15:08.500000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2024-26699	date:	2024-06-12T00:00:00
db:	JVNDB	id:	JVNDB-2024-004997	date:	2024-08-08T01:14:00
db:	NVD	id:	CVE-2024-35208	date:	2024-08-06T15:08:17.727

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2024-26699	date:	2024-06-12T00:00:00
db:	JVNDB	id:	JVNDB-2024-004997	date:	2024-08-08T00:00:00
db:	NVD	id:	CVE-2024-35208	date:	2024-06-11T12:15:16.923