EUVD-2024-37658

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Vulnerability in Omnivise T3000 applications permits credential retrieval leading to network compromise

Reporter	Title	Published	Views	Family All 15
0day.today	Siemens Energy Omnivise T3000 8.2 SP3 Privilege Escalation / File Download Vulnerabilities	14 Nov 202400:00	–	zdt
BDU FSTEC	The vulnerabilities of the components such as Omnivise T3000 Application Server, Omnivise T3000 Domain Controller, Omnivise T3000 Network Intrusion Detection System (NIDS), Omnivise T3000 Product Data Management (PDM), Omnivise T3000 Security Server, Omnivise T3000 Terminal Server, Omnivise T3000 Thin Client, and Omnivise T3000 Whitelisting Server, along with their software-defined hardware platforms for process management and monitoring in the Siemens Omnivise T3000 system, allow attackers to disclose protected information and enhance their privileges.	2 Aug 202400:00	–	bdu_fstec
Circl	CVE-2024-38877	2 Aug 202414:01	–	circl
CNNVD	Siemens Omnivise T3000 安全漏洞	2 Aug 202400:00	–	cnnvd
CNVD	Siemens Omnivise T3000 Application Server Sensitive Information Plaintext Storage Vulnerability	12 Aug 202400:00	–	cnvd
CVE	CVE-2024-38877	2 Aug 202410:36	–	cve
Cvelist	CVE-2024-38877	2 Aug 202410:36	–	cvelist
NCSC	Vulnerabilities fixed in Siemens Omnivise	6 Aug 202409:29	–	ncsc
NVD	CVE-2024-38877	2 Aug 202411:16	–	nvd
OSV	CVE-2024-38877	2 Aug 202411:16	–	osv

[
  {
    "enisaIdVendor": [
      {
        "id": "0f6486fb-4005-3452-ada0-d420439269b5",
        "vendor": {
          "name": "Siemens"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "2f4115cb-f1e6-3177-8c36-cc4986db6b22",
        "product": {
          "name": "Omnivise T3000 R8.2 SP3"
        },
        "product_version": "0 <*"
      },
      {
        "id": "686b4cfe-5ba5-3926-bede-b6cd644ee716",
        "product": {
          "name": "Omnivise T3000 Thin Client R9.2"
        },
        "product_version": "0 <*"
      },
      {
        "id": "6b5792ac-eb05-3a43-9342-ca2041e43919",
        "product": {
          "name": "Omnivise T3000 Whitelisting Server R9.2"
        },
        "product_version": "0 <*"
      },
      {
        "id": "749fc1d2-1ab6-3f5c-8745-213526bb9c4f",
        "product": {
          "name": "Omnivise T3000 R8.2 SP4"
        },
        "product_version": "0 <*"
      },
      {
        "id": "7f5070b7-75d0-300c-b8a2-5660f86c8421",
        "product": {
          "name": "Omnivise T3000 Product Data Management (PDM) R9.2"
        },
        "product_version": "0 <*"
      },
      {
        "id": "8e956943-fcdb-3ca9-82bd-9e00c16a934c",
        "product": {
          "name": "Omnivise T3000 Domain Controller R9.2"
        },
        "product_version": "0 <*"
      },
      {
        "id": "afd380fb-19a9-3ce1-83d0-04cbd452f86f",
        "product": {
          "name": "Omnivise T3000 Terminal Server R9.2"
        },
        "product_version": "0 <*"
      },
      {
        "id": "b3877aca-5e0c-39b6-b3fe-cd71fed5833e",
        "product": {
          "name": "Omnivise T3000 Security Server R9.2"
        },
        "product_version": "0 <*"
      },
      {
        "id": "d9bc7f35-21d0-36b9-8112-6662ed871b19",
        "product": {
          "name": "Omnivise T3000 Network Intrusion Detection System (NIDS) R9.2"
        },
        "product_version": "0 <*"
      },
      {
        "id": "f83bcb89-f944-3844-a0bc-3b040dca1d2d",
        "product": {
          "name": "Omnivise T3000 Application Server R9.2"
        },
        "product_version": "0 <*"
      }
    ]
  }
]

Source	Link
cert-portal	www.cert-portal.siemens.com/productcert/html/ssa-857368.html

03 Oct 2025 20:07Current

9High risk

Vulners AI Score9

CVSS 3.18.2 - 8.8

CVSS 48.3

EPSS0.00187

SSVC