CVE-2024-41903

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application mounts the container's root filesystem with read and write privileges. This could allow an attacker to alter the container's filesystem leading to unauthorized modifications and data corruption.

CVSS v3 7.2 HIGH

7.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://cert-portal.siemens.com/productcert/html/ssa-716317.html	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:siemens:sinec_traffic_analyzer:*:*:*:*:*:*:*:*

History

14 Aug 2024, 18:39

Type	Values Removed	Values Added
References	~~() https://cert-portal.siemens.com/productcert/html/ssa-716317.html -~~	() https://cert-portal.siemens.com/productcert/html/ssa-716317.html - Vendor Advisory
First Time		Siemens Siemens sinec Traffic Analyzer
CWE		NVD-CWE-noinfo
CPE		cpe:2.3:a:siemens:sinec_traffic_analyzer::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~6.6~~	v2 : unknown v3 : 7.2
Summary		(es) Se ha identificado una vulnerabilidad en SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (Todas las versiones < V2.0). La aplicación afectada monta el sistema de archivos raíz del contenedor con privilegios de lectura y escritura. Esto podría permitir que un atacante altere el sistema de archivos del contenedor, lo que provocaría modificaciones no autorizadas y corrupción de datos.

13 Aug 2024, 08:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-13 08:15

Updated : 2024-08-14 18:39

NVD link : CVE-2024-41903

Mitre link : CVE-2024-41903

CVE.ORG link : CVE-2024-41903

JSON object : View

Products Affected

siemens

sinec_traffic_analyzer

CWE

NVD-CWE-noinfo CWE-269

Improper Privilege Management

{"id": "CVE-2024-41903", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}, {"type": "Secondary", "source": "productcert@siemens.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.6, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.7}], "cvssMetricV40": [{"type": "Secondary", "source": "productcert@siemens.com", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "NOT_DEFINED", "baseScore": 7.5, "automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "NONE", "vulnerableSystemIntegrity": "HIGH", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "vulnerableSystemAvailability": "HIGH", "subsequentSystemConfidentiality": "NONE", "vulnerableSystemConfidentiality": "HIGH", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-08-13T08:15:12.717", "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-716317.html", "tags": ["Vendor Advisory"], "source": "productcert@siemens.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "productcert@siemens.com", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application mounts the container's root filesystem with read and write privileges. This could allow an attacker to alter the container's filesystem leading to unauthorized modifications and data corruption."}, {"lang": "es", "value": "Se ha identificado una vulnerabilidad en SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (Todas las versiones < V2.0). La aplicaci\u00f3n afectada monta el sistema de archivos ra\u00edz del contenedor con privilegios de lectura y escritura. Esto podr\u00eda permitir que un atacante altere el sistema de archivos del contenedor, lo que provocar\u00eda modificaciones no autorizadas y corrupci\u00f3n de datos."}], "lastModified": "2024-08-14T18:39:21.207", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:siemens:sinec_traffic_analyzer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4B8318FF-CCF9-4240-AAE3-7D220039EF32", "versionEndExcluding": "2.0"}], "operator": "OR"}]}], "sourceIdentifier": "productcert@siemens.com"}