Session Cookie Vulnerability in SINEC Traffic Analyzer by Siemens
CVE-2024-35211

6.8MEDIUM

Key Information:

Vendor: Siemens
Status: Sinec Traffic Analyzer
Vendor: CVE Published:; 11 June 2024

Summary

A session cookie vulnerability has been detected in Siemens' SINEC Traffic Analyzer, where the web server fails to set important security attributes for session cookies after user login. This oversight allows potential attackers to exploit unsecured cookies, posing risks such as session hijacking and unauthorized access. The affected versions of the product are those prior to V1.2, emphasizing the need for immediate attention to enhance security measures.

Affected Version(s)

SINEC Traffic Analyzer 0

References

https://cert-portal.siemens.com/productcert/html/ssa-1967...

CVSS V4

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Jun 11, 2024
Vulnerability Reserved
May 13, 2024