Session Cookie Vulnerability in SINEC Traffic Analyzer by Siemens
CVE-2024-35211

6.5MEDIUM

Key Information:

Vendor: Siemens
Status: Sinec Traffic Analyzer
Vendor: CVE Published:; 11 June 2024

Summary

A session cookie vulnerability has been detected in Siemens' SINEC Traffic Analyzer, where the web server fails to set important security attributes for session cookies after user login. This oversight allows potential attackers to exploit unsecured cookies, posing risks such as session hijacking and unauthorized access. The affected versions of the product are those prior to V1.2, emphasizing the need for immediate attention to enhance security measures.

Affected Version(s)

SINEC Traffic Analyzer 0

References

https://cert-portal.siemens.com/productcert/html/ssa-1967...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 11, 2024
Vulnerability Reserved
May 13, 2024