Brute Force Attack Vulnerability Affects SINEC Traffic Analyzer
CVE-2024-41904
7.5HIGH
Summary
A significant vulnerability has been identified in the SINEC Traffic Analyzer by Siemens, specifically in version 6GK8822-1BG01-0BA0 and all earlier versions prior to 2.0. This vulnerability arises from the application’s failure to adequately restrict excessive authentication attempts. As a result, an attacker without authentication could initiate brute force attacks against valid user credentials or keys, potentially leading to unauthorized access to the system. Organizations using affected versions are advised to implement necessary security measures to protect against these kinds of attacks.
Affected Version(s)
SINEC Traffic Analyzer 0
References
CVSS V3.1
Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved