ID

VAR-202408-0014


CVE

CVE-2024-38876


TITLE

Vulnerabilities in multiple Siemens products

Trust: 0.8

sources: JVNDB: JVNDB-2024-008268

DESCRIPTION

A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 Domain Controller R9.2 (All versions), Omnivise T3000 Product Data Management (PDM) R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions), Omnivise T3000 Terminal Server R9.2 (All versions), Omnivise T3000 Thin Client R9.2 (All versions), Omnivise T3000 Whitelisting Server R9.2 (All versions). The affected application regularly executes user-modifiable code as a privileged user. This could allow a local authenticated attacker to execute arbitrary code with elevated privileges. Unspecified vulnerabilities exist in multiple Siemens products, including Omnivise T3000 Application Server, Omnivise T3000 Domain Controller and Omnivise T3000 Product Data Management. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Omnivise T3000 is a distributed control system used in fossil fuel and large renewable energy power plants.

Trust: 2.16

sources: NVD: CVE-2024-38876 // JVNDB: JVNDB-2024-008268 // CNVD: CNVD-2024-35106

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2024-35106

AFFECTED PRODUCTS

vendor: siemens, model: omnivise t3000 terminal server, scope: gte, version: r9.2

Trust: 1.0

vendor: siemens, model: omnivise t3000 thin client, scope: gte, version: r9.2

Trust: 1.0

vendor: siemens, model: omnivise t3000 domain controller, scope: gte, version: r9.2

Trust: 1.0

vendor: siemens, model: omnivise t3000 whitelisting server, scope: gte, version: r9.2

Trust: 1.0

vendor: siemens, model: omnivise t3000 product data management, scope: gte, version: r9.2

Trust: 1.0

vendor: siemens, model: omnivise t3000 application server, scope: gte, version: r9.2

Trust: 1.0

vendor: シーメンス, model: omnivise t3000 domain controller, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: omnivise t3000 product data management, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: omnivise t3000 whitelisting server, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: omnivise t3000 application server, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: omnivise t3000 thin client, scope: -, version: -

Trust: 0.8

vendor: シーメンス, model: omnivise t3000 terminal server, scope: -, version: -

Trust: 0.8

vendor: siemens, model: omnivise t3000 application server, scope: -, version: -

Trust: 0.6

vendor: siemens, model: omnivise t3000 domain controller, scope: -, version: -

Trust: 0.6

vendor: siemens, model: omnivise t3000 product data management, scope: -, version: -

Trust: 0.6

vendor: siemens, model: omnivise t3000 terminal server, scope: -, version: -

Trust: 0.6

vendor: siemens, model: omnivise t3000 thin client, scope: -, version: -

Trust: 0.6

vendor: siemens, model: omnivise t3000 whitelisting server, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2024-35106 // JVNDB: JVNDB-2024-008268 // NVD: CVE-2024-38876

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2024-38876
value: HIGH

Trust: 1.0

productcert@siemens.com: CVE-2024-38876
value: HIGH

Trust: 1.0

NVD: CVE-2024-38876
value: HIGH

Trust: 0.8

CNVD: CNVD-2024-35106
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2024-35106
severity: MEDIUM
baseScore: 6.8
vectorString: AV:L/AC:L/AU:S/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2024-38876
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2024-38876
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2024-35106 // JVNDB: JVNDB-2024-008268 // NVD: CVE-2024-38876 // NVD: CVE-2024-38876

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-552

Trust: 1.0

problemtype:Externally accessible file or directory (CWE-552) [ others ]

Trust: 0.8

problemtype: Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2024-008268 // NVD: CVE-2024-38876

PATCH

title: Patch for Siemens Omnivise T3000 Application Server Code Execution Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/576706

Trust: 0.6

sources: CNVD: CNVD-2024-35106

EXTERNAL IDS

db: NVD, id: CVE-2024-38876

Trust: 3.2

db: SIEMENS, id: SSA-857368

Trust: 2.4

db: JVN, id: JVNVU99298639

Trust: 0.8

db: JVNDB, id: JVNDB-2024-008268

Trust: 0.8

db: CNVD, id: CNVD-2024-35106

Trust: 0.6

sources: CNVD: CNVD-2024-35106 // JVNDB: JVNDB-2024-008268 // NVD: CVE-2024-38876

REFERENCES

url: https://cert-portal.siemens.com/productcert/html/ssa-857368.html

Trust: 2.4

url: https://jvn.jp/vu/jvnvu99298639/

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2024-38876

Trust: 0.8

sources: CNVD: CNVD-2024-35106 // JVNDB: JVNDB-2024-008268 // NVD: CVE-2024-38876

SOURCES

db: CNVD, id: CNVD-2024-35106
db: JVNDB, id: JVNDB-2024-008268
db: NVD, id: CVE-2024-38876

LAST UPDATE DATE

2024-09-19T21:35:15.825000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2024-35106, date: 2024-08-12T00:00:00
db: JVNDB, id: JVNDB-2024-008268, date: 2024-09-18T02:41:00
db: NVD, id: CVE-2024-38876, date: 2024-09-17T14:45:04.577

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2024-35106, date: 2024-08-12T00:00:00
db: JVNDB, id: JVNDB-2024-008268, date: 2024-09-18T00:00:00
db: NVD, id: CVE-2024-38876, date: 2024-08-02T11:16:41.643