CVE-2024-41906

CWE-5243 documents3 sources

Severity

6.3MEDIUM

EPSS

0.4%

top 42.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Siemens Sinec Traffic Analyzer

Timeline

PublishedAug 13

Description

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application does not properly handle cacheable HTTP responses in the web service. This could allow an attacker to read and modify data stored in the local cache.

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5siemens/sinec_traffic_analyzer< V2.0

▶NVDsiemens/sinec_traffic_analyzer< 2.0

🔴Vulnerability Details

CVEList

CVE-2024-41906: A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2↗2024-08-13

▶

GHSA

GHSA-f957-w8wh-r29f: A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2↗2024-08-13

▶