48 matches found
EUVD-2024-37657
Malicious code in bioql PyPI...
EUVD-2024-37660
Malicious code in bioql PyPI...
EUVD-2024-37659
Malicious code in bioql PyPI...
EUVD-2024-37658
Malicious code in bioql PyPI...
CVE-2024-38879
A vulnerability has been identified in Omnivise T3000 Application Server R9.2 All versions, Omnivise T3000 R8.2 SP3 All versions, Omnivise T3000 R8.2 SP4 All versions. The affected system exposes the port of an internal application on the public network interface allowing an attacker to circumven...
CVE-2024-38877
A vulnerability has been identified in Omnivise T3000 Application Server R9.2 All versions, Omnivise T3000 Domain Controller R9.2 All versions, Omnivise T3000 Network Intrusion Detection System NIDS R9.2 All versions, Omnivise T3000 Product Data Management PDM R9.2 All versions, Omnivise T3000 R8...
CVE-2024-38878
A vulnerability has been identified in Omnivise T3000 Application Server R9.2 All versions, Omnivise T3000 R8.2 SP3 All versions, Omnivise T3000 R8.2 SP4 All versions. Affected devices allow authenticated users to export diagnostics data. The corresponding API endpoint is susceptible to path...
CVE-2024-38876
A vulnerability has been identified in Omnivise T3000 Application Server R9.2 All versions, Omnivise T3000 Domain Controller R9.2 All versions, Omnivise T3000 Product Data Management PDM R9.2 All versions, Omnivise T3000 R8.2 SP3 All versions, Omnivise T3000 R8.2 SP4 All versions, Omnivise T3000...
Siemens Energy Omnivise T3000 8.2 SP3 Privilege Escalation / File Download
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities product: Siemens Energy Omnivise T3000 vulnerable version: =8.2 SP3 fixed version: see solution section CVE number: CVE-2024-38876, CVE-2024-3887...
Siemens Energy Omnivise T3000 8.2 SP3 Privilege Escalation / File Download Vulnerabilities
Siemens Energy Omnivise T3000 version 8.2 SP3 suffers from local privilege escalation, cleartext storage of passwords in configuration and log files, file system access allowing for arbitrary file download, and IP whitelist bypass...
Siemens Omnivise T3000 Application Server Code Execution Vulnerability
The Omnivise T3000 is a distributed control system for fossil fuel and large renewable energy power plants. A code execution vulnerability exists in the Siemens Omnivise T3000 Application Server that could be exploited by a local, authenticated attacker to execute arbitrary code with elevated...
Siemens Omnivise T3000 Application Server Sensitive Information Plaintext Storage Vulnerability
The Omnivise T3000 is a distributed control system for fossil fuel and large renewable energy power plants. A sensitive information plaintext storage vulnerability exists in the Siemens Omnivise T3000 Application Server due to an affected device storing initial system credentials without adequate...
Siemens Omnivise T3000 Application Server Path Traversal Vulnerability
The Omnivise T3000 is a distributed control system for fossil fuel and large renewable energy power plants. A path traversal vulnerability exists in the Siemens Omnivise T3000 Application Server that can be exploited by an attacker to download arbitrary files from the file system...
Siemens Omnivise T3000 Application Server Improper Input Validation Vulnerability
The Omnivise T3000 is a distributed control system for fossil fuel and large renewable energy power plants. An improper input validation vulnerability exists in the Siemens Omnivise T3000 Application Server due to an affected system exposing an internal application port on a public network...
A vulnerability in the Omnivise T3000 Application Server, a Siemens software-and-hardware platform for managing and monitoring industrial processes, arises from improper limitation of a pathname to a restricted directory. It allows attackers to upload arbitrary files.
The vulnerability of the Omnivise T3000 Application Server, a software-and-hardware platform for managing and monitoring industrial processes from Siemens, is related to improper limitation of a pathname to a restricted directory. Exploiting this vulnerability allows a malicious act...
The vulnerabilities of the Omnivise T3000 Application Server, Omnivise T3000 Terminal Server, and Omnivise T3000 Whitelisting Server, related to the use of files and directories accessible to external parties, allow attackers to escalate their privileges and execute arbitrary code.
The vulnerabilities of the Omnivise T3000 Application Server, Omnivise T3000 Terminal Server, and Omnivise T3000 Whitelisting Server, which are part of Siemens’s industrial process management and monitoring software, are related to the use of files and directories accessible to external parties...
A vulnerability in the Omnivise T3000 Application Server, a Siemens software-and-hardware platform for managing and monitoring industrial processes, stems from insufficient validation of input data. It allows attackers to bypass authentication procedures and gain unauthorized access to protected information.
The vulnerability of the Omnivise T3000 Application Server, a software-and-hardware platform for managing and monitoring industrial processes from Siemens, is related to insufficient verification of input data. Exploiting this vulnerability allows an attacker to bypass authentication procedures a...
Vulnerabilities fixed in Siemens Omnivise
Siemens Energy has fixed vulnerabilities in Omnivise T3000. A malicious person could exploit the vulnerabilities to grant themselves elevated privileges on the vulnerable system and thus execute arbitrary code, possibly with system privileges. For successful abuse, the malicious party must be...