Vulnerabilities > CVE-2024-35207 - Unspecified vulnerability in Siemens Sinec Traffic Analyzer 1.1

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

siemens

NVD

Published: 2024-06-11

Updated: 2024-11-21

Summary

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The web interface of the affected devices are vulnerable to Cross-Site Request Forgery(CSRF) attacks. By tricking an authenticated victim user to click a malicious link, an attacker could perform arbitrary actions on the device on behalf of the victim user.

Vulnerable Configurations

Part	Description	Count
Application	Siemens Siemens Sinec Traffic Analyzer - Siemens Sinec Traffic Analyzer 1.1	2

References

https://cert-portal.siemens.com/productcert/html/ssa-196737.html
https://cert-portal.siemens.com/productcert/html/ssa-196737.html