Filtered by vendor Siemens Subscriptions
Filtered by product Sinec Traffic Analyzer Subscriptions
Total 12 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-35212 1 Siemens 1 Sinec Traffic Analyzer 2024-11-21 7.5 High
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected application lacks input validation due to which an attacker can gain access to the Database entries.
CVE-2024-35211 1 Siemens 1 Sinec Traffic Analyzer 2024-11-21 6.5 Medium
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected web server, after a successful login, sets the session cookie on the browser, without applying any security attributes (such as “Secure”, “HttpOnly”, or “SameSite”).
CVE-2024-35210 1 Siemens 1 Sinec Traffic Analyzer 2024-11-21 6.5 Medium
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected web server is not enforcing HSTS. This could allow an attacker to perform downgrade attacks exposing confidential information.
CVE-2024-35209 1 Siemens 2 Sinec Traffic Analyzer, Traffic Analyzer 2024-11-21 7.5 High
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected web server is allowing HTTP methods like PUT and Delete. This could allow an attacker to modify unauthorized files.
CVE-2024-35208 1 Siemens 1 Sinec Traffic Analyzer 2024-11-21 6.3 Medium
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected web server stored the password in cleartext. This could allow attacker in a privileged position to obtain access passwords.
CVE-2024-35207 1 Siemens 1 Sinec Traffic Analyzer 2024-11-21 7.8 High
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The web interface of the affected devices are vulnerable to Cross-Site Request Forgery(CSRF) attacks. By tricking an authenticated victim user to click a malicious link, an attacker could perform arbitrary actions on the device on behalf of the victim user.
CVE-2024-35206 1 Siemens 1 Sinec Traffic Analyzer 2024-11-21 7.8 High
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected application does not expire the session. This could allow an attacker to get unauthorized access.
CVE-2024-41904 1 Siemens 1 Sinec Traffic Analyzer 2024-08-14 7.5 High
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application do not properly enforce restriction of excessive authentication attempts. This could allow an unauthenticated attacker to conduct brute force attacks against legitimate user credentials or keys.
CVE-2024-41903 1 Siemens 1 Sinec Traffic Analyzer 2024-08-14 6.6 Medium
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application mounts the container's root filesystem with read and write privileges. This could allow an attacker to alter the container's filesystem leading to unauthorized modifications and data corruption.
CVE-2024-41907 1 Siemens 1 Sinec Traffic Analyzer 2024-08-14 4.2 Medium
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application is missing general HTTP security headers in the web server. This could allow an attacker to make the servers more prone to clickjacking attack.
CVE-2024-41906 1 Siemens 1 Sinec Traffic Analyzer 2024-08-14 4.8 Medium
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application does not properly handle cacheable HTTP responses in the web service. This could allow an attacker to read and modify data stored in the local cache.
CVE-2024-41905 1 Siemens 1 Sinec Traffic Analyzer 2024-08-14 6.8 Medium
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application do not have access control for accessing the files. This could allow an authenticated attacker with low privilege's to get access to sensitive information.