CVE-2024-35211

6.5MEDIUM

Key Information:

Vendor
Siemens
Status
Sinec Traffic Analyzer
Vendor
CVE Published:
11 June 2024

Summary

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected web server, after a successful login, sets the session cookie on the browser, without applying any security attributes (such as “Secure”, “HttpOnly”, or “SameSite”).

Affected Version(s)

SINEC Traffic Analyzer 0

References

https://cert-portal.siemens.com/productcert/html/ssa-1967...

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.