CVE-2024-38877
published 2024-08-02CVE-2024-38877: A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 Domain Controller R9.2 (All versions), Omnivise…
PriorityP352high8.8CVSS 3.1
AVLACLPRLUINSCCHIHAH
EPSS
0.19%
8.5th percentile
A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 Domain Controller R9.2 (All versions), Omnivise T3000 Network Intrusion Detection System (NIDS) R9.2 (All versions), Omnivise T3000 Product Data Management (PDM) R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions), Omnivise T3000 Security Server R9.2 (All versions), Omnivise T3000 Terminal Server R9.2 (All versions), Omnivise T3000 Thin Client R9.2 (All versions), Omnivise T3000 Whitelisting Server R9.2 (All versions). The affected devices stores initial system credentials without sufficient protection. An attacker with remote shell access or physical access could retrieve the credentials leading to confidentiality loss allowing the attacker to laterally move within the affected network.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | omnivise_t3000_application_server | >= r9.2 | — |
| siemens | omnivise_t3000_application_server_r9.2 | < * | * |
| siemens | omnivise_t3000_domain_controller | >= r9.2 | — |
| siemens | omnivise_t3000_domain_controller_r9.2 | < * | * |
| siemens | omnivise_t3000_network_intrusion_detection_system | <= 9.2 | — |
| siemens | omnivise_t3000_network_intrusion_detection_system_r9.2 | < * | * |
| siemens | omnivise_t3000_product_data_management | >= r9.2 | — |
| siemens | omnivise_t3000_product_data_management_r9.2 | < * | * |
| siemens | omnivise_t3000_r8.2_sp3 | < * | * |
| siemens | omnivise_t3000_r8.2_sp4 | < * | * |
| siemens | omnivise_t3000_security_server_r9.2 | < * | * |
| siemens | omnivise_t3000_terminal_server | <= 9.2 | — |
| siemens | omnivise_t3000_terminal_server_r9.2 | < * | * |
| siemens | omnivise_t3000_thin_client | >= r9.2 | — |
| siemens | omnivise_t3000_thin_client_r9.2 | < * | * |
| siemens | omnivise_t3000_whitelisting_server | >= r9.2 | — |
| siemens | omnivise_t3000_whitelisting_server_r9.2 | < * | * |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
nvdv4.08.3HIGHCVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-08-02
Published