ID

VAR-202408-0013


CVE

CVE-2024-38879


TITLE

Vulnerability in Siemens' omnivise t3000 application server

Trust: 0.8

sources: JVNDB: JVNDB-2024-008693

DESCRIPTION

A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions). The affected system exposes the port of an internal application on the public network interface, allowing an attacker to circumvent authentication and directly access the exposed application. Siemens' omnivise t3000 application server contains an unspecified vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Omnivise T3000 is a distributed control system mainly used in fossil fuel and large renewable energy power plants. Siemens Omnivise T3000 Application Server has an improper input validation vulnerability.

Trust: 2.16

sources: NVD: CVE-2024-38879 // JVNDB: JVNDB-2024-008693 // CNVD: CNVD-2024-35109

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-35109

AFFECTED PRODUCTS

vendor: siemens, model: omnivise t3000 application server, scope: eq, version: 9.2

Trust: 1.0

vendor: siemens, model: omnivise t3000 application server, scope: eq, version: 8.2

Trust: 1.0

vendor: シーメンス, model: omnivise t3000 application server, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: omnivise t3000 application server, scope: eq, version: 8.2

Trust: 0.8

vendor: シーメンス, model: omnivise t3000 application server, scope: eq, version: 9.2

Trust: 0.8

vendor: シーメンス, model: omnivise t3000 application server, scope: eq, version: -

Trust: 0.8

vendor: siemens, model: omnivise t3000 application server, scope: -, version: -

Trust: 0.6

vendor: siemens, model: omnivise t3000 domain controller, scope: -, version: -

Trust: 0.6

vendor: siemens, model: omnivise t3000 product data management, scope: -, version: -

Trust: 0.6

vendor: siemens, model: omnivise t3000 terminal server, scope: -, version: -

Trust: 0.6

vendor: siemens, model: omnivise t3000 thin client, scope: -, version: -

Trust: 0.6

vendor: siemens, model: omnivise t3000 whitelisting server, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2024-35109 // JVNDB: JVNDB-2024-008693 // NVD: CVE-2024-38879

CVSS

SEVERITY

nvd@nist.gov: CVE-2024-38879
value: CRITICAL

Trust: 1.0

productcert@siemens.com: CVE-2024-38879
value: HIGH

Trust: 1.0

NVD: CVE-2024-38879
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2024-35109
value: HIGH

Trust: 0.6

CVSSV2

CNVD: CNVD-2024-35109
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2024-38879
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

productcert@siemens.com: CVE-2024-38879
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2024-38879
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2024-35109 // JVNDB: JVNDB-2024-008693 // NVD: CVE-2024-38879 // NVD: CVE-2024-38879

PROBLEMTYPE DATA

problemtype: CWE-20

Trust: 1.0

problemtype: NVD-CWE-noinfo

Trust: 1.0

problemtype: Improper input validation (CWE-20) [Other]

Trust: 0.8

problemtype: Lack of information (CWE-noinfo) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2024-008693 // NVD: CVE-2024-38879

PATCH

title: Patch for Siemens Omnivise T3000 Application Server Improper Input Validation Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/576731

Trust: 0.6

sources: CNVD: CNVD-2024-35109

EXTERNAL IDS

db: NVD, id: CVE-2024-38879

Trust: 3.2

db: SIEMENS, id: SSA-857368

Trust: 2.4

db: JVN, id: JVNVU99298639

Trust: 0.8

db: JVNDB, id: JVNDB-2024-008693

Trust: 0.8

db: CNVD, id: CNVD-2024-35109

Trust: 0.6

sources: CNVD: CNVD-2024-35109 // JVNDB: JVNDB-2024-008693 // NVD: CVE-2024-38879

REFERENCES

url: https://cert-portal.siemens.com/productcert/html/ssa-857368.html

Trust: 2.4

url: https://jvn.jp/vu/jvnvu99298639/

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2024-38879

Trust: 0.8

sources: CNVD: CNVD-2024-35109 // JVNDB: JVNDB-2024-008693 // NVD: CVE-2024-38879

SOURCES

db: CNVD, id: CNVD-2024-35109
db: JVNDB, id: JVNDB-2024-008693
db: NVD, id: CVE-2024-38879

LAST UPDATE DATE

2024-09-25T20:10:26.412000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2024-35109, date: 2024-08-12T00:00:00
db: JVNDB, id: JVNDB-2024-008693, date: 2024-09-24T02:10:00
db: NVD, id: CVE-2024-38879, date: 2024-09-20T23:26:28.767

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2024-35109, date: 2024-08-12T00:00:00
db: JVNDB, id: JVNDB-2024-008693, date: 2024-09-24T00:00:00
db: NVD, id: CVE-2024-38879, date: 2024-08-02T11:16:42.510