File Modification Vulnerability in SINEC Traffic Analyzer by Siemens
CVE-2024-35209

6.9MEDIUM

Key Information:

Vendor: Siemens
Status: Sinec Traffic Analyzer
Vendor: CVE Published:; 11 June 2024

Summary

A vulnerability exists in the SINEC Traffic Analyzer that permits the use of insecure HTTP methods such as PUT and DELETE. This flaw can enable attackers to modify files without authorization, which poses significant risks to the integrity and security of the web server environment. Immediate action is essential to mitigate potential risks associated with file manipulation and unauthorized access.

Affected Version(s)

SINEC Traffic Analyzer 0

References

https://cert-portal.siemens.com/productcert/html/ssa-1967...

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Jun 11, 2024
Vulnerability Reserved
May 13, 2024