ID

VAR-202408-0057


CVE

CVE-2024-41903


TITLE

Vulnerability in Siemens' SINEC Traffic Analyzer

Trust: 0.8

sources: JVNDB: JVNDB-2024-005784

DESCRIPTION

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application mounts the container's root filesystem with read and write privileges. This could allow an attacker to alter the container's filesystem, leading to unauthorized modifications and data corruption. Siemens' SINEC Traffic Analyzer contains an unspecified vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). SINEC Traffic Analyzer is an on-premises application that monitors PNIO (PROFINET IO) communications between controllers and IO devices.

Trust: 2.16

sources: NVD: CVE-2024-41903 // JVNDB: JVNDB-2024-005784 // CNVD: CNVD-2024-35434

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-35434

AFFECTED PRODUCTS

vendor: siemens, model: sinec traffic analyzer, scope: lt, version: 2.0

Trust: 1.6

vendor: シーメンス, model: sinec traffic analyzer, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: sinec traffic analyzer, scope: eq, version: -

Trust: 0.8

vendor: シーメンス, model: sinec traffic analyzer, scope: eq, version: 2.0

Trust: 0.8

sources: CNVD: CNVD-2024-35434 // JVNDB: JVNDB-2024-005784 // NVD: CVE-2024-41903

CVSS

SEVERITY

nvd@nist.gov: CVE-2024-41903
value: HIGH

Trust: 1.0

productcert@siemens.com: CVE-2024-41903
value: HIGH

Trust: 1.0

NVD: CVE-2024-41903
value: HIGH

Trust: 0.8

CNVD: CNVD-2024-35434
value: HIGH

Trust: 0.6

CVSSV2

CNVD: CNVD-2024-35434
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:H/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: HIGH
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2024-41903
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

productcert@siemens.com: CVE-2024-41903
baseSeverity: MEDIUM
baseScore: 6.6
vectorString: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.7
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2024-41903
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2024-35434 // JVNDB: JVNDB-2024-005784 // NVD: CVE-2024-41903 // NVD: CVE-2024-41903

PROBLEMTYPE DATA

problemtype: CWE-269

Trust: 1.0

problemtype: NVD-CWE-noinfo

Trust: 1.0

problemtype: Lack of information (CWE-noinfo) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2024-005784 // NVD: CVE-2024-41903

PATCH

title: Patch for Siemens SINEC Traffic Analyzer Permission Management Error Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/576921

Trust: 0.6

sources: CNVD: CNVD-2024-35434

EXTERNAL IDS

db: NVD, id: CVE-2024-41903

Trust: 3.2

db: SIEMENS, id: SSA-716317

Trust: 2.4

db: ICS CERT, id: ICSA-24-228-04

Trust: 0.8

db: JVN, id: JVNVU99084687

Trust: 0.8

db: JVNDB, id: JVNDB-2024-005784

Trust: 0.8

db: CNVD, id: CNVD-2024-35434

Trust: 0.6

sources: CNVD: CNVD-2024-35434 // JVNDB: JVNDB-2024-005784 // NVD: CVE-2024-41903

REFERENCES

url: https://cert-portal.siemens.com/productcert/html/ssa-716317.html

Trust: 2.4

url: https://jvn.jp/vu/jvnvu99084687/

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2024-41903

Trust: 0.8

url: https://www.cisa.gov/news-events/ics-advisories/icsa-24-228-04

Trust: 0.8

sources: CNVD: CNVD-2024-35434 // JVNDB: JVNDB-2024-005784 // NVD: CVE-2024-41903

SOURCES

db: CNVD, id: CNVD-2024-35434
db: JVNDB, id: JVNDB-2024-005784
db: NVD, id: CVE-2024-41903

LAST UPDATE DATE

2024-08-24T20:23:10.765000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2024-35434, date: 2024-08-14T00:00:00
db: JVNDB, id: JVNDB-2024-005784, date: 2024-08-20T03:32:00
db: NVD, id: CVE-2024-41903, date: 2024-08-14T18:39:21.207

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2024-35434, date: 2024-08-14T00:00:00
db: JVNDB, id: JVNDB-2024-005784, date: 2024-08-20T00:00:00
db: NVD, id: CVE-2024-41903, date: 2024-08-13T08:15:12.717