File Modification Vulnerability in SINEC Traffic Analyzer by Siemens
CVE-2024-35209

7.5HIGH

Key Information:

Vendor: Siemens
Status: Sinec Traffic Analyzer
Vendor: CVE Published:; 11 June 2024

Summary

A vulnerability exists in the SINEC Traffic Analyzer that permits the use of insecure HTTP methods such as PUT and DELETE. This flaw can enable attackers to modify files without authorization, which poses significant risks to the integrity and security of the web server environment. Immediate action is essential to mitigate potential risks associated with file manipulation and unauthorized access.

Affected Version(s)

SINEC Traffic Analyzer 0

References

https://cert-portal.siemens.com/productcert/html/ssa-1967...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 11, 2024
Vulnerability Reserved
May 13, 2024

Collectors

NVD DatabaseMitre Database