A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 Domain Controller R9.2 (All versions), Omnivise T3000 Network Intrusion Detection System (NIDS) R9.2 (All versions), Omnivise T3000 Product Data Management (PDM) R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions), Omnivise T3000 Security Server R9.2 (All versions), Omnivise T3000 Terminal Server R9.2 (All versions), Omnivise T3000 Thin Client R9.2 (All versions), Omnivise T3000 Whitelisting Server R9.2 (All versions). The affected devices stores initial system credentials without sufficient protection. An attacker with remote shell access or physical access could retrieve the credentials leading to confidentiality loss allowing the attacker to laterally move within the affected network.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required High

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact High

Subsequent System Integrity Impact High

Subsequent System Availability Impact High

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Affected Vendors & Products

Vendors Products
Siemens
  • Omnivise T3000 Application Server
  • Omnivise T3000 Domain Controller
  • Omnivise T3000 Network Intrusion Detection System
  • Omnivise T3000 Nids
  • Omnivise T3000 Pdim
  • Omnivise T3000 Product Data Management
  • Omnivise T3000 Security Server
  • Omnivise T3000 Terminal Server
  • Omnivise T3000 Thin Client
  • Omnivise T3000 Whitelisting Server

Configuration 1 [-]

OR cpe:2.3:a:siemens:omnivise_t3000_application_server:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:omnivise_t3000_domain_controller:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:omnivise_t3000_network_intrusion_detection_system:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:omnivise_t3000_product_data_management:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:omnivise_t3000_terminal_server:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:omnivise_t3000_thin_client:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:omnivise_t3000_whitelisting_server:*:*:*:*:*:*:*:*

No data.

References
Link Providers
https://cert-portal.siemens.com/productcert/html/ssa-857368.html cve-icon cve-icon
History

Sat, 21 Sep 2024 00:00:00 +0000

Type Values Removed Values Added
First Time appeared Siemens omnivise T3000 Network Intrusion Detection System
Siemens omnivise T3000 Product Data Management
CPEs cpe:2.3:a:siemens:omnivise_t3000_network_intrusion_detection_system:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:omnivise_t3000_product_data_management:*:*:*:*:*:*:*:*
Vendors & Products Siemens omnivise T3000 Network Intrusion Detection System
Siemens omnivise T3000 Product Data Management

Tue, 13 Aug 2024 08:00:00 +0000

Type Values Removed Values Added
Description A vulnerability has been identified in Omnivise T3000 Application Server (All versions), Omnivise T3000 Domain Controller (All versions), Omnivise T3000 Network Intrusion Detection System (NIDS) (All versions), Omnivise T3000 Product Data Management (PDM) (All versions), Omnivise T3000 Security Server (All versions), Omnivise T3000 Terminal Server (All versions), Omnivise T3000 Thin Client (All versions), Omnivise T3000 Whitelisting Server (All versions). The affected devices stores initial system credentials without sufficient protection. An attacker with remote shell access or physical access could retrieve the credentials leading to confidentiality loss allowing the attacker to laterally move within the affected network. A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 Domain Controller R9.2 (All versions), Omnivise T3000 Network Intrusion Detection System (NIDS) R9.2 (All versions), Omnivise T3000 Product Data Management (PDM) R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions), Omnivise T3000 Security Server R9.2 (All versions), Omnivise T3000 Terminal Server R9.2 (All versions), Omnivise T3000 Thin Client R9.2 (All versions), Omnivise T3000 Whitelisting Server R9.2 (All versions). The affected devices stores initial system credentials without sufficient protection. An attacker with remote shell access or physical access could retrieve the credentials leading to confidentiality loss allowing the attacker to laterally move within the affected network.
cve-icon MITRE

Status: PUBLISHED

Assigner: siemens

Published: 2024-08-02T10:36:18.219Z

Updated: 2024-08-13T07:54:13.668Z

Reserved: 2024-06-21T08:28:10.678Z

Link: CVE-2024-38877

cve-icon Vulnrichment

Updated: 2024-08-02T15:55:21.622Z

cve-icon NVD

Status : Analyzed

Published: 2024-08-02T11:16:41.957

Modified: 2024-09-20T23:35:04.073

Link: CVE-2024-38877

cve-icon Redhat

No data.