PatchSiren cyber security CVE debrief
CVE-2024-35210 Siemens CVE debrief
A medium-severity vulnerability in Siemens SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) allows downgrade attacks due to missing HTTP Strict Transport Security (HSTS) enforcement on the affected web server. Published 2024-06-11 and last modified 2025-05-06, this issue could expose confidential information if an attacker successfully intercepts and downgrades HTTPS connections. The vulnerability requires local network access with low attack complexity and no privileges, but no user interaction is needed. Siemens has released a vendor fix in version 1.2 or later.
- Vendor
- Siemens
- Product
- SINEC Traffic Analyzer (6GK8822-1BG01-0BA0)
- CVSS
- MEDIUM 5.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2024-06-11
- Original CVE updated
- 2025-05-06
- Advisory published
- 2024-06-11
- Advisory updated
- 2025-05-06
Who should care
Industrial network administrators, OT security teams, and organizations using Siemens SINEC Traffic Analyzer for network monitoring in critical infrastructure environments.
Technical summary
The SINEC Traffic Analyzer web server fails to enforce HTTP Strict Transport Security (HSTS), allowing attackers to strip TLS encryption through downgrade attacks. This network-layer weakness in HTTPS implementation exposes session traffic to interception. The vulnerability is locally exploitable with CVSS 3.1 score 5.1 (Medium). Remediation requires updating to firmware version 1.2 or later which implements proper HSTS header enforcement.
Defensive priority
medium
Recommended defensive actions
- Apply vendor fix: Update SINEC Traffic Analyzer to version 1.2 or later per Siemens security advisory SSA-196737.
- Verify HSTS enforcement after update by checking HTTP response headers for Strict-Transport-Security directives.
- Implement network segmentation to limit exposure of ICS web management interfaces to untrusted networks.
- Monitor for suspicious network activity indicating potential man-in-the-middle or downgrade attempts against HTTPS connections.
- Review CISA ICS recommended practices for defense-in-depth strategies applicable to industrial control systems.
Evidence notes
CISA CSAF advisory ICSA-24-165-13 documents this vulnerability with CVSS 3.1 vector AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N. The advisory was revised twice: 2025-02-11 (CVSS vector update) and 2025-05-06 (typo corrections). Siemens SSA-196737 provides the authoritative vendor security advisory.
Official resources
-
CVE-2024-35210 CVE record
CVE.org
-
CVE-2024-35210 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
2024-06-11