Session Expiration Vulnerability in SINEC Traffic Analyzer by Siemens
CVE-2024-35206

8.8HIGH

Key Information:

Vendor: Siemens
Status: Sinec Traffic Analyzer
Vendor: CVE Published:; 11 June 2024

Summary

A vulnerability has been detected in the SINEC Traffic Analyzer, specifically affecting all versions prior to V1.2. This flaw is rooted in the application's failure to properly expire user sessions, potentially allowing attackers to exploit this oversight for unauthorized access to the system. Organizations using affected versions should prioritize updates to mitigate security risks associated with session management defects.

Affected Version(s)

SINEC Traffic Analyzer 0

References

https://cert-portal.siemens.com/productcert/html/ssa-1967...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 11, 2024
Vulnerability Reserved
May 13, 2024