CVE has been recently published to the CVE List and has been received by the NVD.
Products
Omnivise T3000 Application Server
- >= R9.2
Omnivise T3000 Domain Controller
- >= R9.2
Omnivise T3000 Product Data Management (PDM)
- >= R9.2
Omnivise T3000 Terminal Server
- >= R9.2
Omnivise T3000 Thin Client
- >= R9.2
Omnivise T3000 Whitelisting Server
- >= R9.2
Source
productcert@siemens.com
Tags
CVE-2024-38876 details
Last Modified : Aug. 2, 2024, 12:59 p.m.
Description
A vulnerability has been identified in Omnivise T3000 Application Server (All versions >= R9.2), Omnivise T3000 Domain Controller (All versions >= R9.2), Omnivise T3000 Product Data Management (PDM) (All versions >= R9.2), Omnivise T3000 Terminal Server (All versions >= R9.2), Omnivise T3000 Thin Client (All versions >= R9.2), Omnivise T3000 Whitelisting Server (All versions >= R9.2). The affected application regularly executes user modifiable code as a privileged user. This could allow a local authenticated attacker to execute arbitrary code with elevated privileges.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7.8 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-552 | Files or Directories Accessible to External Parties | The product makes files or directories accessible to unauthorized actors, even though they should not be. |
CVSS Data
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
7.8
Exploitability Score
1.8
Impact Score
5.9
Base Severity
HIGH
Vector String : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References
| URL | Source |
|---|---|
| https://cert-portal.siemens.com/productcert/html/ssa-857368.html | productcert@siemens.com |