Attackers Can Gain Access to Database Entries via Lack of Input Validation
CVE-2024-35212

6.9MEDIUM

Key Information:

Vendor: Siemens
Status: Sinec Traffic Analyzer
Vendor: CVE Published:; 11 June 2024

Summary

A significant vulnerability has been detected in SINEC Traffic Analyzer, specifically affecting versions prior to V1.2. This flaw is rooted in inadequate input validation processes, which can permit unauthorized access to sensitive database entries. Attackers exploiting this vulnerability may manipulate input to extract or alter critical data, thereby compromising the integrity and confidentiality of the information handled by the application. Users of the affected product are advised to review their systems and implement necessary mitigations to protect against potential exploitation.

Affected Version(s)

SINEC Traffic Analyzer 0

References

https://cert-portal.siemens.com/productcert/html/ssa-1967...

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Jun 11, 2024
Vulnerability Reserved
May 13, 2024