Siemens SINEC Traffic Analyzer Cross-Site Scripting Vulnerability

Vulnerability

A cross-site scripting vulnerability has been identified in Siemens SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) versions prior to 3.0. The issue arises from the application's Content Security Policy, which permits unsafe script execution methods. This flaw could enable an attacker to execute unauthorized scripts, potentially leading to cross-site scripting attacks.
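The check below is an added example, not code from Siemens or from the product. It audits a Content-Security-Policy header value for script sources that permit unsafe script execution. The advisory does not say which sources the product's policy allowed; the standard CSP keywords 'unsafe-inline' and 'unsafe-eval' are used here as assumptions, and the sample headers are constructed. Only script-src and its default-src fallback are evaluated.

```python
# Added example: flag CSP script sources that permit unsafe script execution.
UNSAFE_SCRIPT_SOURCES = {
    "'unsafe-inline'": "inline scripts and event-handler attributes may run",
    "'unsafe-eval'": "eval() and other string-to-code APIs may run",
    "*": "scripts may be loaded from any origin",
    "data:": "data: URIs may be used as script sources",
}
HASH_OR_NONCE = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")

# Constructed sample headers, not taken from the product.
WEAK = "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'"
STRICT = "default-src 'self'; script-src 'self' 'nonce-R4nd0m'; object-src 'none'"


def parse_csp(header):
    """Split a header value into {directive: [sources]}; first duplicate wins."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), [t.lower() for t in tokens[1:]])
    return policy


def audit_csp(header):
    """Return (directive, source, reason) for each unsafe script source."""
    policy = parse_csp(header)
    # Browsers fall back to default-src when script-src is absent.
    name = next((d for d in ("script-src", "default-src") if d in policy), None)
    if name is None:
        return [("(none)", "", "no script-src or default-src: scripts unrestricted")]
    sources = policy[name]
    strict = any(s.startswith(HASH_OR_NONCE) for s in sources)
    findings = []
    for src in sources:
        if src == "'unsafe-inline'" and strict:
            continue  # ignored by browsers when a nonce or hash is present
        if src in UNSAFE_SCRIPT_SOURCES:
            findings.append((name, src, UNSAFE_SCRIPT_SOURCES[src]))
    return findings


if __name__ == "__main__":
    for label, header in (("WEAK", WEAK), ("STRICT", STRICT)):
        print(label, audit_csp(header) or "no unsafe script sources")
```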

Impact

Exploitation of this vulnerability could result in cross-site scripting, allowing for the injection of malicious scripts that could be executed in the context of the user's browser.

Remediation

Siemens has released a new version of SINEC Traffic Analyzer and recommends updating to the latest version. For products where fixes are not yet available, Siemens advises following general security recommendations and operational guidelines for Industrial Security.

Added: Aug 12, 2025, 12:17 PM
Updated: Aug 12, 2025, 2:34 PM

Vulnerability Rating

Custom Algorithm

spread: 1.2
impact: 1.7
exploitability: 4.4
remediation: 0.0
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.