PatchSiren cyber security CVE debrief

CVE-2024-35206 Siemens CVE debrief

A session management vulnerability in Siemens SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) allows attackers to obtain unauthorized access due to non-expiring sessions. Published June 11, 2024, this HIGH severity issue (CVSS 7.7) affects industrial network monitoring infrastructure where persistent sessions could enable lateral movement or unauthorized operational control. The vendor has released V1.2 as a remediation.

Vendor: Siemens
Product: SINEC Traffic Analyzer (6GK8822-1BG01-0BA0)
CVSS: HIGH 7.7
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-06-11
Original CVE updated: 2025-05-06
Advisory published: 2024-06-11
Advisory updated: 2025-05-06

Who should care

Industrial network administrators, OT security teams, and organizations using Siemens SINEC Traffic Analyzer for network monitoring in critical infrastructure environments

Technical summary

The SINEC Traffic Analyzer application fails to implement proper session expiration, allowing authenticated sessions to persist indefinitely. An attacker with local access (AV:L) could leverage a non-expired session to gain unauthorized access without requiring user interaction (UI:N) or privileges (PR:N). The vulnerability enables high-impact confidentiality and integrity compromise (C:H/I:H), though availability is not affected (A:N). The attack complexity is low (AC:L) and the scope is unchanged (S:U).

Defensive priority

HIGH

Recommended defensive actions

  • Apply vendor fix: Update SINEC Traffic Analyzer to V1.2 or later per Siemens security advisory SSA-196737
  • Review and enforce session timeout policies across all industrial network management interfaces
  • Implement network segmentation to limit exposure of traffic analyzer systems
  • Monitor for anomalous session persistence or unauthorized access attempts on affected systems
  • Apply defense-in-depth controls per CISA ICS recommended practices for industrial control systems
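The following is an added example, not code from Siemens or from the SINEC Traffic Analyzer, showing what "proper session expiration" and "enforce session timeout policies" mean in server-side terms. It contrasts a policy with no expiry (the failure mode this CVE describes: a session stays valid until explicitly destroyed) with a hardened policy that enforces both an absolute lifetime and an idle timeout, and it includes an audit function that flags already-issued sessions violating the policy, which is the kind of check a monitoring step would run. The policy values (8 h absolute, 15 min idle), the session records and the fixed reference time are constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional


@dataclass(frozen=True)
class SessionPolicy:
    """None for either field means that limit is not enforced."""
    absolute_lifetime: Optional[timedelta]
    idle_timeout: Optional[timedelta]


# Weak setting: a session never expires on its own (the vulnerable behaviour).
NO_EXPIRY = SessionPolicy(absolute_lifetime=None, idle_timeout=None)

# Hardened setting (assumed values): cap total lifetime and kill idle sessions.
HARDENED = SessionPolicy(absolute_lifetime=timedelta(hours=8),
                         idle_timeout=timedelta(minutes=15))


@dataclass
class Session:
    session_id: str
    user: str
    created_at: datetime
    last_seen: datetime


def session_state(session: Session, policy: SessionPolicy, now: datetime) -> str:
    """Classify a session as active, expired_absolute or expired_idle."""
    if policy.absolute_lifetime is not None and now - session.created_at > policy.absolute_lifetime:
        return "expired_absolute"
    if policy.idle_timeout is not None and now - session.last_seen > policy.idle_timeout:
        return "expired_idle"
    return "active"


def validate_and_touch(store: dict, session_id: str, policy: SessionPolicy,
                       now: datetime) -> Optional[Session]:
    """Server-side lookup used on every request.

    Returns the session if it is still valid (and refreshes last_seen);
    evicts it from the store and returns None if it has expired. The
    eviction is what makes the timeout enforceable rather than advisory.
    """
    session = store.get(session_id)
    if session is None:
        return None
    if session_state(session, policy, now) != "active":
        del store[session_id]
        return None
    session.last_seen = now
    return session


def audit_sessions(store: dict, policy: SessionPolicy, now: datetime) -> dict:
    """Report every stored session's state without modifying the store.

    Useful for spotting long-lived sessions that an application with no
    expiry would otherwise keep honouring indefinitely.
    """
    return {sid: session_state(s, policy, now) for sid, s in store.items()}


# Constructed reference time and session records (not real data).
NOW = datetime(2024, 6, 11, 12, 0, tzinfo=timezone.utc)


def build_store() -> dict:
    return {
        # Fresh session, used a minute ago.
        "s1": Session("s1", "operator", NOW - timedelta(minutes=10), NOW - timedelta(minutes=1)),
        # Issued three days ago but still being used: exceeds the absolute lifetime.
        "s2": Session("s2", "operator", NOW - timedelta(days=3), NOW - timedelta(minutes=2)),
        # Two hours old, untouched for 45 minutes: exceeds the idle timeout.
        "s3": Session("s3", "viewer", NOW - timedelta(hours=2), NOW - timedelta(minutes=45)),
    }


if __name__ == "__main__":
    for name, policy in (("NO_EXPIRY", NO_EXPIRY), ("HARDENED", HARDENED)):
        print(name, audit_sessions(build_store(), policy, NOW))
```

Under `NO_EXPIRY` every session audits as `active`, including the three-day-old one; under `HARDENED` the same store yields `s1` active, `s2` expired by absolute lifetime and `s3` expired by idle timeout, and `validate_and_touch` removes the expired entries the first time they are presented. The absolute lifetime matters even when an idle timeout exists, because a session that is kept alive by periodic requests would otherwise never end.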

Evidence notes

CISA CSAF advisory ICSA-24-165-13 identifies the affected product as SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) with CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N. The advisory was revised February 11, 2025 (CVSS vector update) and May 6, 2025 (typo corrections). Siemens published corresponding advisory SSA-196737. No CISA KEV listing.

Official resources

Public disclosure via CISA ICS advisory ICSA-24-165-13 and Siemens security advisory SSA-196737 on June 11, 2024.