Vulnerabilities fixed in Siemens Omnivise

🗓️ 06 Aug 2024 09:29:53Reported by NCSCType

Siemens fixed Omnivise T3000 flaws enabling elevated privileges and remote code execution for authorized attackers.

Reporter	Title	Published	Views	Family All 51
0day.today	Siemens Energy Omnivise T3000 8.2 SP3 Privilege Escalation / File Download Vulnerabilities	14 Nov 202400:00	–	zdt
BDU FSTEC	The vulnerabilities of the components such as Omnivise T3000 Application Server, Omnivise T3000 Domain Controller, Omnivise T3000 Network Intrusion Detection System (NIDS), Omnivise T3000 Product Data Management (PDM), Omnivise T3000 Security Server, Omnivise T3000 Terminal Server, Omnivise T3000 Thin Client, and Omnivise T3000 Whitelisting Server, along with their software-defined hardware platforms for process management and monitoring in the Siemens Omnivise T3000 system, allow attackers to disclose protected information and enhance their privileges.	2 Aug 202400:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the Omnivise T3000 Application Server’s software-defined hardware environment for monitoring industrial processes in Siemens Omnivise T3000 systems arises from incorrect restrictions on path names in the restricted access catalog. This allows attackers to upload arbitrary files.	7 Aug 202400:00	–	bdu_fstec
BDU FSTEC	The vulnerabilities of the Omnivise T3000 Application Server, Omnivise T3000 Terminal Server, and Omnivise T3000 Whitelisting Server, related to the use of files and directories accessible to external parties, allow attackers to escalate their privileges and execute arbitrary code.	7 Aug 202400:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the Omnivise T3000 Application Server’s software-defined hardware environment for monitoring industrial processes in Siemens Omnivise T3000 systems stems from insufficient validation of input data. This allows attackers to bypass authentication procedures and gain unauthorized access to protected information.	7 Aug 202400:00	–	bdu_fstec
Circl	CVE-2024-38876	2 Aug 202414:01	–	circl
Circl	CVE-2024-38877	2 Aug 202414:01	–	circl
Circl	CVE-2024-38878	2 Aug 202414:01	–	circl
Circl	CVE-2024-38879	2 Aug 202414:01	–	circl
CNNVD	Siemens Omnivise T3000 路径遍历漏洞	2 Aug 202400:00	–	cnnvd