CVE-2024-35211

Summary

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V1.2). The affected web server, after a successful login, sets the session cookie on the browser, without applying any security attributes (such as “Secure”, “HttpOnly”, or “SameSite”).

Affected Software

VendorProductVersion RangeStatus
SiemensSINEC Traffic Analyzer0 < V1.2affected

Weaknesses

  • CWE-614: CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References