cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-41907,https://securityvulnerability.io/vulnerability/CVE-2024-41907,Clickjacking Vulnerability in SINEC Traffic Analyzer,A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application is missing general HTTP security headers in the web server. This could allow an attacker to make the servers more prone to clickjacking attacks.,Siemens,Sinec Traffic Analyzer,5.4,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-08-13T07:54:27.688Z,0
CVE-2024-41906,https://securityvulnerability.io/vulnerability/CVE-2024-41906,Cache Abuse Vulnerability in Traffic Analyzer,A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application does not properly handle cacheable HTTP responses in the web service. This could allow an attacker to read and modify data stored in the local cache.,Siemens,Sinec Traffic Analyzer,6.5,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-08-13T07:54:26.385Z,0
CVE-2024-41905,https://securityvulnerability.io/vulnerability/CVE-2024-41905,SINEC Traffic Analyzer Vulnerability: Unauthorized Access to Sensitive Information,A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application does not have access control for accessing the files. This could allow an authenticated attacker with low privileges to get access to sensitive information.,Siemens,Sinec Traffic Analyzer,6.5,MEDIUM,0.0004799999878741801,false,,false,false,false,,,false,false,,2024-08-13T07:54:25.056Z,0
CVE-2024-41904,https://securityvulnerability.io/vulnerability/CVE-2024-41904,Brute Force Attack Vulnerability Affects SINEC Traffic Analyzer,"A significant vulnerability has been identified in the SINEC Traffic Analyzer by Siemens, specifically in version 6GK8822-1BG01-0BA0 and all earlier versions prior to 2.0. This vulnerability arises from the application’s failure to adequately restrict excessive authentication attempts. As a result, an attacker without authentication could initiate brute force attacks against valid user credentials or keys, potentially leading to unauthorized access to the system. Organizations using affected versions are advised to implement necessary security measures to protect against these kinds of attacks.",Siemens,Sinec Traffic Analyzer,7.5,HIGH,0.0007399999885819852,false,,false,false,false,,,false,false,,2024-08-13T07:54:23.788Z,0
CVE-2024-41903,https://securityvulnerability.io/vulnerability/CVE-2024-41903,Container RootFS Privilege Escalation Vulnerability,"A security vulnerability has been identified in the SINEC Traffic Analyzer, specifically in versions prior to V2.0. The application mounts the container's root filesystem with excessive privileges, allowing an attacker to potentially modify the filesystem. This situation poses risks of unauthorized changes to critical data and could lead to significant data corruption, compromising the integrity of the SINEC Traffic Analyzer system. Organizations using this product should evaluate their security posture in light of this vulnerability.",Siemens,Sinec Traffic Analyzer,7.2,HIGH,0.0004900000058114529,false,,false,false,false,,,false,false,,2024-08-13T07:54:22.465Z,0
CVE-2024-35212,https://securityvulnerability.io/vulnerability/CVE-2024-35212,Attackers Can Gain Access to Database Entries via Lack of Input Validation,"A significant vulnerability has been detected in SINEC Traffic Analyzer, specifically affecting versions prior to V1.2. This flaw is rooted in inadequate input validation processes, which can permit unauthorized access to sensitive database entries. Attackers exploiting this vulnerability may manipulate input to extract or alter critical data, thereby compromising the integrity and confidentiality of the information handled by the application. Users of the affected product are advised to review their systems and implement necessary mitigations to protect against potential exploitation.",Siemens,Sinec Traffic Analyzer,6.9,MEDIUM,0.0009800000116229057,false,,false,false,false,,,false,false,,2024-06-11T11:15:54.878Z,0
CVE-2024-35211,https://securityvulnerability.io/vulnerability/CVE-2024-35211,Session Cookie Vulnerability in SINEC Traffic Analyzer by Siemens,"A session cookie vulnerability has been detected in Siemens' SINEC Traffic Analyzer, where the web server fails to set important security attributes for session cookies after user login. This oversight allows potential attackers to exploit unsecured cookies, posing risks such as session hijacking and unauthorized access. The affected versions of the product are those prior to V1.2, emphasizing the need for immediate attention to enhance security measures.",Siemens,Sinec Traffic Analyzer,6.8,MEDIUM,0.0004799999878741801,false,,false,false,false,,,false,false,,2024-06-11T11:15:53.465Z,0
CVE-2024-35210,https://securityvulnerability.io/vulnerability/CVE-2024-35210,Vulnerability in SINEC Traffic Analyzer Web Server Due to HSTS Non-Compliance,"The SINEC Traffic Analyzer, specifically version 6GK8822-1BG01-0BA0, is susceptible to a significant vulnerability due to its web server's failure to enforce HTTP Strict Transport Security (HSTS). This oversight may permit attackers to execute downgrade attacks, compromising the confidentiality of sensitive information. The vulnerability affects all versions of the product prior to V1.2, necessitating immediate attention by users to ensure their systems remain secure against potential threats. For more detailed information, visit the official reference page.",Siemens,Sinec Traffic Analyzer,5.1,MEDIUM,0.0009699999936856329,false,,false,false,false,,,false,false,,2024-06-11T11:15:52.053Z,0
CVE-2024-35209,https://securityvulnerability.io/vulnerability/CVE-2024-35209,File Modification Vulnerability in SINEC Traffic Analyzer by Siemens,"A vulnerability exists in the SINEC Traffic Analyzer that permits the use of insecure HTTP methods such as PUT and DELETE. This flaw can enable attackers to modify files without authorization, which poses significant risks to the integrity and security of the web server environment. Immediate action is essential to mitigate potential risks associated with file manipulation and unauthorized access.",Siemens,Sinec Traffic Analyzer,6.9,MEDIUM,0.0004799999878741801,false,,false,false,false,,,false,false,,2024-06-11T11:15:50.551Z,0
CVE-2024-35208,https://securityvulnerability.io/vulnerability/CVE-2024-35208,Cleartext Password Storage Vulnerability Affects SINEC Traffic Analyzer,A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected web server stored the password in cleartext. This could allow an attacker in a privileged position to obtain access passwords.,Siemens,Sinec Traffic Analyzer,5.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-06-11T11:15:49.108Z,0
CVE-2024-35207,https://securityvulnerability.io/vulnerability/CVE-2024-35207,Cross-Site Request Forgery Vulnerability in Siemens SINEC Traffic Analyzer,"A vulnerability exists in the web interface of the Siemens SINEC Traffic Analyzer, specifically affecting all versions prior to V1.2. This flaw exposes the product to potential Cross-Site Request Forgery (CSRF) attacks. An attacker can exploit this vulnerability by deceiving an authenticated user into clicking a malicious link, leading to unauthorized actions being performed on the device without the user's knowledge. This can compromise the integrity and security of the affected systems, allowing attackers to manipulate settings or gather sensitive data.",Siemens,Sinec Traffic Analyzer,7.8,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-06-11T11:15:47.708Z,0
CVE-2024-35206,https://securityvulnerability.io/vulnerability/CVE-2024-35206,Session Expiration Vulnerability in SINEC Traffic Analyzer by Siemens,"A vulnerability has been detected in the SINEC Traffic Analyzer, specifically affecting all versions prior to V1.2. This flaw is rooted in the application's failure to properly expire user sessions, potentially allowing attackers to exploit this oversight for unauthorized access to the system. Organizations using affected versions should prioritize updates to mitigate security risks associated with session management defects.",Siemens,Sinec Traffic Analyzer,8.5,HIGH,0.0010100000072270632,false,,false,false,false,,,false,false,,2024-06-11T11:15:46.277Z,0