ID

VAR-202408-0058


CVE

CVE-2024-41906


TITLE

Vulnerability in Siemens' SINEC Traffic Analyzer

Trust: 0.8

sources: JVNDB: JVNDB-2024-005782

DESCRIPTION

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application does not properly handle cacheable HTTP responses in the web service. This could allow an attacker to read and modify data stored in the local cache. Siemens' SINEC Traffic Analyzer contains an unspecified vulnerability. Information may be obtained and information may be tampered with. SINEC Traffic Analyzer is an on-premises application that monitors PNIO (PROFINET IO) communications between controllers and IO devices.

Trust: 2.16

sources: NVD: CVE-2024-41906 // JVNDB: JVNDB-2024-005782 // CNVD: CNVD-2024-35431

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-35431

AFFECTED PRODUCTS

vendor: siemens, model: sinec traffic analyzer, scope: lt, version: 2.0

Trust: 1.6

vendor: Siemens, model: sinec traffic analyzer, scope: -, version: -

Trust: 0.8

vendor: Siemens, model: sinec traffic analyzer, scope: eq, version: -

Trust: 0.8

vendor: Siemens, model: sinec traffic analyzer, scope: eq, version: 2.0

Trust: 0.8

sources: CNVD: CNVD-2024-35431 // JVNDB: JVNDB-2024-005782 // NVD: CVE-2024-41906

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2024-41906
value: MEDIUM

Trust: 1.0

productcert@siemens.com: CVE-2024-41906
value: MEDIUM

Trust: 1.0

NVD: CVE-2024-41906
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2024-35431
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2024-35431
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:H/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2024-41906
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.5
version: 3.1

Trust: 1.0

productcert@siemens.com: CVE-2024-41906
baseSeverity: MEDIUM
baseScore: 4.8
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 2.5
version: 3.1

Trust: 1.0

NVD: CVE-2024-41906
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2024-35431 // JVNDB: JVNDB-2024-005782 // NVD: CVE-2024-41906 // NVD: CVE-2024-41906

PROBLEMTYPE DATA

problemtype: CWE-524

Trust: 1.0

problemtype: NVD-CWE-Other

Trust: 1.0

problemtype: others (CWE-Other) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2024-005782 // NVD: CVE-2024-41906

PATCH

title: Patch for Siemens SINEC Traffic Analyzer Information Disclosure Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/576936

Trust: 0.6

sources: CNVD: CNVD-2024-35431

EXTERNAL IDS

db: NVD, id: CVE-2024-41906

Trust: 3.2

db: SIEMENS, id: SSA-716317

Trust: 2.4

db: ICS CERT, id: ICSA-24-228-04

Trust: 0.8

db: JVN, id: JVNVU99084687

Trust: 0.8

db: JVNDB, id: JVNDB-2024-005782

Trust: 0.8

db: CNVD, id: CNVD-2024-35431

Trust: 0.6

sources: CNVD: CNVD-2024-35431 // JVNDB: JVNDB-2024-005782 // NVD: CVE-2024-41906

REFERENCES

url: https://cert-portal.siemens.com/productcert/html/ssa-716317.html

Trust: 2.4

url: https://jvn.jp/vu/jvnvu99084687/

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2024-41906

Trust: 0.8

url: https://www.cisa.gov/news-events/ics-advisories/icsa-24-228-04

Trust: 0.8

sources: CNVD: CNVD-2024-35431 // JVNDB: JVNDB-2024-005782 // NVD: CVE-2024-41906

SOURCES

db: CNVD, id: CNVD-2024-35431
db: JVNDB, id: JVNDB-2024-005782
db: NVD, id: CVE-2024-41906

LAST UPDATE DATE

2024-08-24T20:49:01.199000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2024-35431, date: 2024-08-14T00:00:00
db: JVNDB, id: JVNDB-2024-005782, date: 2024-08-20T03:32:00
db: NVD, id: CVE-2024-41906, date: 2024-08-14T18:04:32.100

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2024-35431, date: 2024-08-14T00:00:00
db: JVNDB, id: JVNDB-2024-005782, date: 2024-08-20T00:00:00
db: NVD, id: CVE-2024-41906, date: 2024-08-13T08:15:13.560