CVE-2024-41904

HIGH

Siemens Sinec Traffic Analyzer < 2.0 - Brute Force

Title source: rule

Description

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application do not properly enforce restriction of excessive authentication attempts. This could allow an unauthenticated attacker to conduct brute force attacks against legitimate user credentials or keys.

References (1)

[Vendor Advisory] https://cert-portal.siemens.com/productcert/html/ssa-716317.html

Scores

CVSS v3 7.5

EPSS 0.0059

EPSS Percentile 69.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-307

Status published

Products (1)

siemens/sinec_traffic_analyzer < 2.0

Published Aug 13, 2024

Tracked Since Feb 18, 2026