ID

VAR-202408-0055


CVE

CVE-2024-41907


TITLE

Vulnerability in Siemens' SINEC Traffic Analyzer

Trust: 0.8

sources: JVNDB: JVNDB-2024-005829

DESCRIPTION

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application is missing general HTTP security headers in the web server. This could allow an attacker to make the servers more prone to clickjacking attacks. Siemens' SINEC Traffic Analyzer contains an unspecified vulnerability. Information may be obtained and information may be tampered with. SINEC Traffic Analyzer is an on-premises application that monitors PNIO (PROFINET IO) communications between controllers and IO devices.

Trust: 2.16

sources: NVD: CVE-2024-41907 // JVNDB: JVNDB-2024-005829 // CNVD: CNVD-2024-35430

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-35430

AFFECTED PRODUCTS

vendor: siemens, model: sinec traffic analyzer, scope: lt, version: 2.0

Trust: 1.6

vendor: シーメンス, model: sinec traffic analyzer, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: sinec traffic analyzer, scope: eq, version: 2.0

Trust: 0.8

vendor: シーメンス, model: sinec traffic analyzer, scope: eq, version: -

Trust: 0.8

sources: CNVD: CNVD-2024-35430 // JVNDB: JVNDB-2024-005829 // NVD: CVE-2024-41907

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2024-41907
value: MEDIUM

Trust: 1.0

productcert@siemens.com: CVE-2024-41907
value: LOW

Trust: 1.0

NVD: CVE-2024-41907
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2024-35430
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2024-35430
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:H/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2024-41907
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.5
version: 3.1

Trust: 1.0

productcert@siemens.com: CVE-2024-41907
baseSeverity: MEDIUM
baseScore: 4.2
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.6
impactScore: 2.5
version: 3.1

Trust: 1.0

NVD: CVE-2024-41907
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2024-35430 // JVNDB: JVNDB-2024-005829 // NVD: CVE-2024-41907 // NVD: CVE-2024-41907

PROBLEMTYPE DATA

problemtype: CWE-358

Trust: 1.0

problemtype: NVD-CWE-Other

Trust: 1.0

problemtype: others (CWE-Other) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2024-005829 // NVD: CVE-2024-41907

PATCH

title: Patch for Siemens SINEC Traffic Analyzer Logic Flaw Vulnerability (CNVD-2024-35430)
url: https://www.cnvd.org.cn/patchInfo/show/576941

Trust: 0.6

sources: CNVD: CNVD-2024-35430

EXTERNAL IDS

db: NVD, id: CVE-2024-41907

Trust: 3.2

db: SIEMENS, id: SSA-716317

Trust: 2.4

db: ICS CERT, id: ICSA-24-228-04

Trust: 0.8

db: JVN, id: JVNVU99084687

Trust: 0.8

db: JVNDB, id: JVNDB-2024-005829

Trust: 0.8

db: CNVD, id: CNVD-2024-35430

Trust: 0.6

sources: CNVD: CNVD-2024-35430 // JVNDB: JVNDB-2024-005829 // NVD: CVE-2024-41907

REFERENCES

url:https://cert-portal.siemens.com/productcert/html/ssa-716317.html

Trust: 2.4

url:https://jvn.jp/vu/jvnvu99084687/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2024-41907

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-24-228-04

Trust: 0.8

sources: CNVD: CNVD-2024-35430 // JVNDB: JVNDB-2024-005829 // NVD: CVE-2024-41907

SOURCES

db: CNVD, id: CNVD-2024-35430
db: JVNDB, id: JVNDB-2024-005829
db: NVD, id: CVE-2024-41907

LAST UPDATE DATE

2024-08-24T21:41:47.207000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2024-35430, date: 2024-08-14T00:00:00
db: JVNDB, id: JVNDB-2024-005829, date: 2024-08-20T09:15:00
db: NVD, id: CVE-2024-41907, date: 2024-08-14T18:06:56.493

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2024-35430, date: 2024-08-14T00:00:00
db: JVNDB, id: JVNDB-2024-005829, date: 2024-08-20T00:00:00
db: NVD, id: CVE-2024-41907, date: 2024-08-13T08:15:13.813