SSA-517338

Siemens Security Advisory by Siemens ProductCERT

SSA-517338: Multiple Vulnerabilities in SINEC Traffic Analyzer Before V3.0

Publication Date:	2025-08-12
Last Update:	2025-08-12
Current Version:	V1.0
CVSS v3.1 Base Score:	7.8
CVSS v4.0 Base Score:	8.8

SUMMARY

SINEC Traffic Analyzer before V3.0 is affected by multiple vulnerabilities.

Siemens has released a new version for SINEC Traffic Analyzer and recommends to update to the latest version. Siemens is preparing further fix versions and recommends countermeasures for products where fixes are not, or not yet available.

KNOWN AFFECTED PRODUCTS

Un-/Collapse All

Affected Product and Versions	Remediation
SINEC Traffic Analyzer (6GK8822-1BG01-0BA0)	Show more details
SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) All versions < V3.0 affected by multiple CVEs CVE-2024-24989 CVE-2024-24990 CVE-2025-40766 CVE-2025-40767 CVE-2025-40768 CVE-2025-40769	Update to V3.0 or later version https://support.industry.siemens.com/cs/ww/en/view/109987676/
SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) All versions affected by CVE-2025-40770	Currently no fix is available

WORKAROUNDS AND MITIGATIONS

Product-specific remediations or mitigations can be found in the section Known Affected Products.
Please follow the General Security Recommendations.

GENERAL SECURITY RECOMMENDATIONS

As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download: https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals. Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity

VULNERABILITY DESCRIPTION

Un-/Collapse All

This chapter describes all vulnerabilities (CVE-IDs) addressed in this security advisory. Wherever applicable, it also documents the product-specific impact of the individual vulnerabilities.

Vulnerability CVE-2024-24989

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate.

Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3 https://nginx.org/en/docs/quic.html .

NOTE: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS v3.1 Base Score	7.5
CVSS v3.1 Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE	CWE-476: NULL Pointer Dereference

Vulnerability CVE-2024-24990

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate.

Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3 https://nginx.org/en/docs/quic.html .

Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS v3.1 Base Score	7.5
CVSS v3.1 Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE	CWE-416: Use After Free

Vulnerability CVE-2025-40766

The affected application runs docker containers without adequate resource and security limitations. This could allow an attacker to perform a denial-of-service (DoS) attack.

CVSS v3.1 Base Score	5.5
CVSS v3.1 Vector	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVSS v4.0 Base Score	6.8
CVSS v4.0 Vector	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
CWE	CWE-400: Uncontrolled Resource Consumption

Vulnerability CVE-2025-40767

The affected application runs docker containers without adequate security controls to enforce isolation. This could allow an attacker to gain elevated access, potentially accessing sensitive host system resources.

CVSS v3.1 Base Score	7.8
CVSS v3.1 Vector	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
CVSS v4.0 Base Score	8.8
CVSS v4.0 Vector	CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
CWE	CWE-250: Execution with Unnecessary Privileges

Vulnerability CVE-2025-40768

The affected application exposes an internal service port to be accessible from outside the system. This could allow an unauthorized attacker to access the application.

CVSS v3.1 Base Score	7.3
CVSS v3.1 Vector	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
CVSS v4.0 Base Score	7.0
CVSS v4.0 Vector	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N
CWE	CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

Vulnerability CVE-2025-40769

The affected application uses a Content Security Policy that allows unsafe script execution methods. This could allow an attacker to execute unauthorized scripts, potentially leading to cross-site scripting attacks.

CVSS v3.1 Base Score	7.4
CVSS v3.1 Vector	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score	7.5
CVSS v4.0 Vector	CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE	CWE-1164: Irrelevant Code

Vulnerability CVE-2025-40770

The affected application uses a monitoring interface that is not operating in a strictly passive mode. This could allow an attacker to interact with the interface, leading to man-in-the-middle attacks.

CVSS v3.1 Base Score	7.4
CVSS v3.1 Vector	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0 Base Score	7.5
CVSS v4.0 Vector	CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CWE	CWE-300: Channel Accessible by Non-Endpoint

ADDITIONAL INFORMATION

For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories

HISTORY DATA

V1.0 (2025-08-12):

Publication Date

The use of Siemens Security Advisories is subject to the terms and conditions listed on: https://www.siemens.com/productcert/terms-of-use.