Lucene search

[email protected]NVD:CVE-2024-38876

HistoryAug 02, 2024 - 11:16 a.m.

CVE-2024-38876

2024-08-0211:16:41

CWE-552

[email protected]

web.nvd.nist.gov

vulnerability

omnivise t3000

application server

domain controller

product data management

terminal server

thin client

local authenticated

arbitrary code

elevated privileges

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

9.4%

JSON

A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 Domain Controller R9.2 (All versions), Omnivise T3000 Product Data Management (PDM) R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions), Omnivise T3000 Terminal Server R9.2 (All versions), Omnivise T3000 Thin Client R9.2 (All versions), Omnivise T3000 Whitelisting Server R9.2 (All versions). The affected application regularly executes user modifiable code as a privileged user. This could allow a local authenticated attacker to execute arbitrary code with elevated privileges.

Affected configurations

Nvd

Node

siemensomnivise_t3000_application_serverRanger9.2≥

siemensomnivise_t3000_domain_controllerRanger9.2≥

siemensomnivise_t3000_product_data_managementRanger9.2≥

siemensomnivise_t3000_terminal_serverRanger9.2≥

siemensomnivise_t3000_thin_clientRanger9.2≥

siemensomnivise_t3000_whitelisting_serverRanger9.2≥

VendorProductVersionCPE
siemensomnivise_t3000_application_server*cpe:2.3:a:siemens:omnivise_t3000_application_server:*:*:*:*:*:*:*:*
siemensomnivise_t3000_domain_controller*cpe:2.3:a:siemens:omnivise_t3000_domain_controller:*:*:*:*:*:*:*:*
siemensomnivise_t3000_product_data_management*cpe:2.3:a:siemens:omnivise_t3000_product_data_management:*:*:*:*:*:*:*:*
siemensomnivise_t3000_terminal_server*cpe:2.3:a:siemens:omnivise_t3000_terminal_server:*:*:*:*:*:*:*:*
siemensomnivise_t3000_thin_client*cpe:2.3:a:siemens:omnivise_t3000_thin_client:*:*:*:*:*:*:*:*
siemensomnivise_t3000_whitelisting_server*cpe:2.3:a:siemens:omnivise_t3000_whitelisting_server:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
siemens	omnivise_t3000_application_server	*	cpe:2.3:a:siemens:omnivise_t3000_application_server::::::::
siemens	omnivise_t3000_domain_controller	*	cpe:2.3:a:siemens:omnivise_t3000_domain_controller::::::::
siemens	omnivise_t3000_product_data_management	*	cpe:2.3:a:siemens:omnivise_t3000_product_data_management::::::::
siemens	omnivise_t3000_terminal_server	*	cpe:2.3:a:siemens:omnivise_t3000_terminal_server::::::::
siemens	omnivise_t3000_thin_client	*	cpe:2.3:a:siemens:omnivise_t3000_thin_client::::::::
siemens	omnivise_t3000_whitelisting_server	*	cpe:2.3:a:siemens:omnivise_t3000_whitelisting_server::::::::

References

cert-portal.siemens.com/productcert/html/ssa-857368.html

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

9.4%

JSON

Related for NVD:CVE-2024-38876

vulnrichment1 cvelist1 cve1