2024-08-13 10:03:13 +00:00
{
"id" : "CVE-2024-41903" ,
"sourceIdentifier" : "productcert@siemens.com" ,
"published" : "2024-08-13T08:15:12.717" ,
2024-08-14 20:03:14 +00:00
"lastModified" : "2024-08-14T18:39:21.207" ,
"vulnStatus" : "Analyzed" ,
2024-08-13 10:03:13 +00:00
"cveTags" : [ ] ,
"descriptions" : [
{
"lang" : "en" ,
"value" : "A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application mounts the container's root filesystem with read and write privileges. This could allow an attacker to alter the container's filesystem leading to unauthorized modifications and data corruption."
2024-08-14 20:03:14 +00:00
} ,
{
"lang" : "es" ,
"value" : "Se ha identificado una vulnerabilidad en SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (Todas las versiones < V2.0). La aplicaci\u00f3n afectada monta el sistema de archivos ra\u00edz del contenedor con privilegios de lectura y escritura. Esto podr\u00eda permitir que un atacante altere el sistema de archivos del contenedor, lo que provocar\u00eda modificaciones no autorizadas y corrupci\u00f3n de datos."
2024-08-13 10:03:13 +00:00
}
] ,
"metrics" : {
"cvssMetricV40" : [
{
"source" : "productcert@siemens.com" ,
"type" : "Secondary" ,
"cvssData" : {
"version" : "4.0" ,
"vectorString" : "CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X" ,
2024-12-08 03:06:42 +00:00
"baseScore" : 7.5 ,
"baseSeverity" : "HIGH" ,
2024-08-13 10:03:13 +00:00
"attackVector" : "NETWORK" ,
"attackComplexity" : "HIGH" ,
"attackRequirements" : "NONE" ,
"privilegesRequired" : "HIGH" ,
"userInteraction" : "NONE" ,
2025-03-02 03:03:52 +00:00
"vulnConfidentialityImpact" : "HIGH" ,
"vulnIntegrityImpact" : "HIGH" ,
"vulnAvailabilityImpact" : "HIGH" ,
"subConfidentialityImpact" : "NONE" ,
"subIntegrityImpact" : "NONE" ,
"subAvailabilityImpact" : "NONE" ,
2024-08-13 10:03:13 +00:00
"exploitMaturity" : "NOT_DEFINED" ,
2025-03-02 03:03:52 +00:00
"confidentialityRequirement" : "NOT_DEFINED" ,
"integrityRequirement" : "NOT_DEFINED" ,
"availabilityRequirement" : "NOT_DEFINED" ,
2024-08-13 10:03:13 +00:00
"modifiedAttackVector" : "NOT_DEFINED" ,
"modifiedAttackComplexity" : "NOT_DEFINED" ,
"modifiedAttackRequirements" : "NOT_DEFINED" ,
"modifiedPrivilegesRequired" : "NOT_DEFINED" ,
"modifiedUserInteraction" : "NOT_DEFINED" ,
2025-03-02 03:03:52 +00:00
"modifiedVulnConfidentialityImpact" : "NOT_DEFINED" ,
"modifiedVulnIntegrityImpact" : "NOT_DEFINED" ,
"modifiedVulnAvailabilityImpact" : "NOT_DEFINED" ,
"modifiedSubConfidentialityImpact" : "NOT_DEFINED" ,
"modifiedSubIntegrityImpact" : "NOT_DEFINED" ,
"modifiedSubAvailabilityImpact" : "NOT_DEFINED" ,
"Safety" : "NOT_DEFINED" ,
"Automatable" : "NOT_DEFINED" ,
"Recovery" : "NOT_DEFINED" ,
2024-08-13 10:03:13 +00:00
"valueDensity" : "NOT_DEFINED" ,
"vulnerabilityResponseEffort" : "NOT_DEFINED" ,
2024-12-08 03:06:42 +00:00
"providerUrgency" : "NOT_DEFINED"
2024-08-13 10:03:13 +00:00
}
}
] ,
"cvssMetricV31" : [
2024-08-14 20:03:14 +00:00
{
2024-12-08 03:06:42 +00:00
"source" : "productcert@siemens.com" ,
"type" : "Secondary" ,
2024-08-14 20:03:14 +00:00
"cvssData" : {
"version" : "3.1" ,
2024-12-08 03:06:42 +00:00
"vectorString" : "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" ,
"baseScore" : 6.6 ,
"baseSeverity" : "MEDIUM" ,
2024-08-14 20:03:14 +00:00
"attackVector" : "NETWORK" ,
2024-12-08 03:06:42 +00:00
"attackComplexity" : "HIGH" ,
2024-08-14 20:03:14 +00:00
"privilegesRequired" : "HIGH" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "HIGH" ,
2024-12-08 03:06:42 +00:00
"availabilityImpact" : "HIGH"
2024-08-14 20:03:14 +00:00
} ,
2024-12-08 03:06:42 +00:00
"exploitabilityScore" : 0.7 ,
2024-08-14 20:03:14 +00:00
"impactScore" : 5.9
} ,
2024-08-13 10:03:13 +00:00
{
2024-12-08 03:06:42 +00:00
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
2024-08-13 10:03:13 +00:00
"cvssData" : {
"version" : "3.1" ,
2024-12-08 03:06:42 +00:00
"vectorString" : "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" ,
"baseScore" : 7.2 ,
"baseSeverity" : "HIGH" ,
2024-08-13 10:03:13 +00:00
"attackVector" : "NETWORK" ,
2024-12-08 03:06:42 +00:00
"attackComplexity" : "LOW" ,
2024-08-13 10:03:13 +00:00
"privilegesRequired" : "HIGH" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "HIGH" ,
2024-12-08 03:06:42 +00:00
"availabilityImpact" : "HIGH"
2024-08-13 10:03:13 +00:00
} ,
2024-12-08 03:06:42 +00:00
"exploitabilityScore" : 1.2 ,
2024-08-13 10:03:13 +00:00
"impactScore" : 5.9
}
]
} ,
"weaknesses" : [
{
2024-12-08 03:06:42 +00:00
"source" : "productcert@siemens.com" ,
"type" : "Secondary" ,
2024-08-14 20:03:14 +00:00
"description" : [
{
"lang" : "en" ,
2024-12-08 03:06:42 +00:00
"value" : "CWE-269"
2024-08-14 20:03:14 +00:00
}
]
} ,
{
2024-12-08 03:06:42 +00:00
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
2024-08-13 10:03:13 +00:00
"description" : [
{
"lang" : "en" ,
2024-12-08 03:06:42 +00:00
"value" : "NVD-CWE-noinfo"
2024-08-13 10:03:13 +00:00
}
]
}
] ,
2024-08-14 20:03:14 +00:00
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:siemens:sinec_traffic_analyzer:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "2.0" ,
"matchCriteriaId" : "4B8318FF-CCF9-4240-AAE3-7D220039EF32"
}
]
}
]
}
] ,
2024-08-13 10:03:13 +00:00
"references" : [
{
"url" : "https://cert-portal.siemens.com/productcert/html/ssa-716317.html" ,
2024-08-14 20:03:14 +00:00
"source" : "productcert@siemens.com" ,
"tags" : [
"Vendor Advisory"
]
2024-08-13 10:03:13 +00:00
}
]
}
