Analysis Summary

CVE-2024-38879 CVSS:7.5

Siemens Omnivise T3000 Application Server could allow a remote attacker to obtain sensitive information, caused by improper input validation By sending a specially crafted request, a remote attacker could exploit this vulnerability to circumvent authentication and directly access the exposed application.

CVE-2024-38878 CVSS:7.2

Siemens Omnivise T3000 Application Server could allow a remote authenticated attacker to traverse directories on the system, caused by a flaw in corresponding API endpoint. An attacker could send a specially crafted request to download arbitrary files from the file system.

CVE-2024-38876 CVSS:7.8

Siemens Omnivise T3000 Application Server could allow a local authenticated attacker to execute arbitrary code on the system, caused by files or directories accessible to external parties flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code with elevated privileges.

Impact

• Information Disclosure
• Gain Access
• Privilege escalation

Indicators of Compromise

CVE

• CVE-2024-38879
• CVE-2024-38878
• CVE-2024-38876

Affected Vendors

Affected Products

• Siemens Omnivise T3000 Application Server - 0
• Siemens Omnivise T3000 Domain Controller - R9.2
• Siemens Omnivise T3000 Product Data Management (PDM) - R9.2
• Siemens Omnivise T3000 Thin Client - R9.2
• Siemens Omnivise T3000 Whitelisting Server - R9.2

Remediation

Refer to Siemens Energy Security Advisory for patch, upgrade or suggested workaround information.

Siemens Energy Security Advisory