CVE-2024-35209 Siemens CVE debrief

Who should care

Organizations operating Siemens SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) in industrial environments, particularly those with exposed web management interfaces. Security teams responsible for OT/ICS infrastructure and compliance with industrial cybersecurity frameworks should prioritize patching.

Technical summary

The SINEC Traffic Analyzer web server improperly allows HTTP PUT and DELETE methods, enabling potential unauthorized file modification. The vulnerability requires local access (AV:L) with no privileges required (PR:N) and no user interaction (UI:N), resulting in high integrity impact (I:H) with no confidentiality or availability impact. The attack complexity is low (AC:L).

Defensive priority

medium

Recommended defensive actions

• Update Siemens SINEC Traffic Analyzer to version 1.2 or later per vendor guidance
• Review and restrict HTTP method configurations on affected web servers
• Apply defense-in-depth strategies for industrial control systems per CISA guidance
• Monitor for unauthorized file modifications on affected systems
• Validate that web server configurations explicitly disable unnecessary HTTP methods

Evidence notes

The vulnerability description is sourced from CISA CSAF advisory ICSA-24-165-13, which references Siemens security advisory SSA-196737. The CVSS 3.1 vector (AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N) indicates a local attack vector with high integrity impact. The affected product is confirmed as SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) per the CSAF product tree with high confidence.

Official resources