CVE-2024-35211

EPSS 0.2%
Veröffentlicht 11.06.2024 12:15:17
Zuletzt bearbeitet 11.02.2025 11:15:13
Quelle productcert@siemens.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected web server, after a successful login, sets the session cookie on the browser, without applying any security attributes (such as “Secure”, “HttpOnly”, or “SameSite”).

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Siemens ≫ Sinec Traffic Analyzer Version < 1.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.2%	0.421

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
productcert@siemens.com	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
productcert@siemens.com	6.8	0	0	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-614 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

The Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the user agent to send those cookies in plaintext over an HTTP session.

https://cert-portal.siemens.com/productcert/html/ssa-196737.html

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-35211

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-35211

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-35211

EUVD