Cyber Resilience

CVE-2024-41906

Medium

Published: 13 August 2024

Published
13 August 2024
Modified
14 August 2024
KEV Added
Patch
CVSS Score v4 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0036 58.2th percentile
Risk Priority 13 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-41906 is a medium-severity Use of Cache Containing Sensitive Information (CWE-524) vulnerability in Siemens Sinec Traffic Analyzer. Its CVSS base score is 6.3 (Medium).

Operationally, ranked in the top 41.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application does not properly handle cacheable HTTP responses in the web service. This could allow an attacker to read and modify data stored in…

more

the local cache.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

siemens
sinec traffic analyzer
≤ 2.0

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-524

Refreshing cached data or generating it ephemerally and deleting afterward directly mitigates storage of sensitive information in caches.

References