Session Expiration Vulnerability in SINEC Traffic Analyzer by Siemens
CVE-2024-35206

8.5HIGH

Key Information:

Vendor: Siemens
Status: Sinec Traffic Analyzer
Vendor: CVE Published:; 11 June 2024

What is CVE-2024-35206?

A vulnerability has been detected in the SINEC Traffic Analyzer, specifically affecting all versions prior to V1.2. This flaw is rooted in the application's failure to properly expire user sessions, potentially allowing attackers to exploit this oversight for unauthorized access to the system. Organizations using affected versions should prioritize updates to mitigate security risks associated with session management defects.

Affected Version(s)

SINEC Traffic Analyzer 0

References

https://cert-portal.siemens.com/productcert/html/ssa-1967...

CVSS V4

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 11, 2024
Vulnerability Reserved
May 13, 2024