Cross-Site Request Forgery Vulnerability in Siemens SINEC Traffic Analyzer
CVE-2024-35207

7.8HIGH

Key Information:

Vendor: Siemens
Status: Sinec Traffic Analyzer
Vendor: CVE Published:; 11 June 2024

Summary

A vulnerability exists in the web interface of the Siemens SINEC Traffic Analyzer, specifically affecting all versions prior to V1.2. This flaw exposes the product to potential Cross-Site Request Forgery (CSRF) attacks. An attacker can exploit this vulnerability by deceiving an authenticated user into clicking a malicious link, leading to unauthorized actions being performed on the device without the user's knowledge. This can compromise the integrity and security of the affected systems, allowing attackers to manipulate settings or gather sensitive data.

Affected Version(s)

SINEC Traffic Analyzer 0

References

https://cert-portal.siemens.com/productcert/html/ssa-1967...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jun 11, 2024
Vulnerability Reserved
May 13, 2024