Attackers Can Gain Access to Database Entries via Lack of Input Validation
CVE-2024-35212

7.5HIGH

Key Information:

Vendor: Siemens
Status: Sinec Traffic Analyzer
Vendor: CVE Published:; 11 June 2024

Summary

A significant vulnerability has been detected in SINEC Traffic Analyzer, specifically affecting versions prior to V1.2. This flaw is rooted in inadequate input validation processes, which can permit unauthorized access to sensitive database entries. Attackers exploiting this vulnerability may manipulate input to extract or alter critical data, thereby compromising the integrity and confidentiality of the information handled by the application. Users of the affected product are advised to review their systems and implement necessary mitigations to protect against potential exploitation.

Affected Version(s)

SINEC Traffic Analyzer 0

References

https://cert-portal.siemens.com/productcert/html/ssa-1967...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 11, 2024
Vulnerability Reserved
May 13, 2024