ID

VAR-202408-0056


CVE

CVE-2024-41905


TITLE

Vulnerability in Siemens' SINEC Traffic Analyzer

Trust: 0.8

sources: JVNDB: JVNDB-2024-005783

DESCRIPTION

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application does not have access control for accessing files. This could allow an authenticated attacker with low privileges to get access to sensitive information. An unspecified vulnerability exists in Siemens' SINEC Traffic Analyzer. Information may be obtained. SINEC Traffic Analyzer is an on-premises application that monitors PNIO (PROFINET IO) communications between controllers and IO devices.

Trust: 2.16

sources: NVD: CVE-2024-41905 // JVNDB: JVNDB-2024-005783 // CNVD: CNVD-2024-35432

IOT TAXONOMY

category: ['ICS'] sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-35432

AFFECTED PRODUCTS

vendor: siemens model: sinec traffic analyzer scope: lt version: 2.0

Trust: 1.6

vendor: シーメンス model: sinec traffic analyzer scope: - version: -

Trust: 0.8

vendor: シーメンス model: sinec traffic analyzer scope: eq version: -

Trust: 0.8

vendor: シーメンス model: sinec traffic analyzer scope: eq version: 2.0

Trust: 0.8

sources: CNVD: CNVD-2024-35432 // JVNDB: JVNDB-2024-005783 // NVD: CVE-2024-41905

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2024-41905
value: MEDIUM

Trust: 1.0

productcert@siemens.com: CVE-2024-41905
value: HIGH

Trust: 1.0

NVD: CVE-2024-41905
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2024-35432
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2024-35432
severity: MEDIUM
baseScore: 6.6
vectorString: AV:N/AC:H/AU:S/C:C/I:C/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2024-41905
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

productcert@siemens.com: CVE-2024-41905
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.6
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2024-41905
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2024-35432 // JVNDB: JVNDB-2024-005783 // NVD: CVE-2024-41905 // NVD: CVE-2024-41905

PROBLEMTYPE DATA

problemtype: CWE-284

Trust: 1.0

problemtype: NVD-CWE-Other

Trust: 1.0

problemtype: others (CWE-Other) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2024-005783 // NVD: CVE-2024-41905

PATCH

title: Patch for Siemens SINEC Traffic Analyzer Access Control Error Vulnerability url: https://www.cnvd.org.cn/patchInfo/show/576931

Trust: 0.6

sources: CNVD: CNVD-2024-35432

EXTERNAL IDS

db: NVD id: CVE-2024-41905

Trust: 3.2

db: SIEMENS id: SSA-716317

Trust: 2.4

db: ICS CERT id: ICSA-24-228-04

Trust: 0.8

db: JVN id: JVNVU99084687

Trust: 0.8

db: JVNDB id: JVNDB-2024-005783

Trust: 0.8

db: CNVD id: CNVD-2024-35432

Trust: 0.6

sources: CNVD: CNVD-2024-35432 // JVNDB: JVNDB-2024-005783 // NVD: CVE-2024-41905

REFERENCES

url: https://cert-portal.siemens.com/productcert/html/ssa-716317.html

Trust: 2.4

url: https://jvn.jp/vu/jvnvu99084687/

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2024-41905

Trust: 0.8

url: https://www.cisa.gov/news-events/ics-advisories/icsa-24-228-04

Trust: 0.8

sources: CNVD: CNVD-2024-35432 // JVNDB: JVNDB-2024-005783 // NVD: CVE-2024-41905

SOURCES

db: CNVD id: CNVD-2024-35432
db: JVNDB id: JVNDB-2024-005783
db: NVD id: CVE-2024-41905

LAST UPDATE DATE

2024-08-24T20:58:41.133000+00:00


SOURCES UPDATE DATE

db: CNVD id: CNVD-2024-35432 date: 2024-08-14T00:00:00
db: JVNDB id: JVNDB-2024-005783 date: 2024-08-20T03:32:00
db: NVD id: CVE-2024-41905 date: 2024-08-14T18:03:07.660

SOURCES RELEASE DATE

db: CNVD id: CNVD-2024-35432 date: 2024-08-14T00:00:00
db: JVNDB id: JVNDB-2024-005783 date: 2024-08-20T00:00:00
db: NVD id: CVE-2024-41905 date: 2024-08-13T08:15:13.250