CVSS: 8.7EPSS: 0%CPEs: 3EXPL: 0CVE-2024-38879 – Siemens Energy Omnivise T3000 8.2 SP3 Privilege Escalation / File Download
https://notcve.org/view.php?id=CVE-2024-38879
Siemens Energy Omnivise T3000 version 8.2 SP3 suffers from local privilege escalation, cleartext storage of passwords in configuration and log files, file system access allowing for arbitrary file download, and IP whitelist bypass. • https://cert-portal.siemens.com/productcert/html/ssa-857368.html • CWE-20: Improper Input Validation •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2024-38878 – Siemens Energy Omnivise T3000 8.2 SP3 Privilege Escalation / File Download
https://notcve.org/view.php?id=CVE-2024-38878
The corresponding API endpoint is susceptible to path traversal and could allow an authenticated attacker to download arbitrary files from the file system. Siemens Energy Omnivise T3000 version 8.2 SP3 suffers from local privilege escalation, cleartext storage of passwords in configuration and log files, file system access allowing for arbitrary file download, and IP whitelist bypass. • https://cert-portal.siemens.com/productcert/html/ssa-857368.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.3EPSS: 0%CPEs: 10EXPL: 0CVE-2024-38877 – Siemens Energy Omnivise T3000 8.2 SP3 Privilege Escalation / File Download
https://notcve.org/view.php?id=CVE-2024-38877
Siemens Energy Omnivise T3000 version 8.2 SP3 suffers from local privilege escalation, cleartext storage of passwords in configuration and log files, file system access allowing for arbitrary file download, and IP whitelist bypass. • https://cert-portal.siemens.com/productcert/html/ssa-857368.html • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 8.5EPSS: 0%CPEs: 8EXPL: 0CVE-2024-38876 – Siemens Energy Omnivise T3000 8.2 SP3 Privilege Escalation / File Download
https://notcve.org/view.php?id=CVE-2024-38876
This could allow a local authenticated attacker to execute arbitrary code with elevated privileges. Siemens Energy Omnivise T3000 version 8.2 SP3 suffers from local privilege escalation, cleartext storage of passwords in configuration and log files, file system access allowing for arbitrary file download, and IP whitelist bypass. • https://cert-portal.siemens.com/productcert/html/ssa-857368.html • CWE-552: Files or Directories Accessible to External Parties •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7253 – NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-7253
NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. . ... This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://kb.nomachine.com/TR07V11184 https://www.zerodayinitiative.com/advisories/ZDI-24-1042 • CWE-427: Uncontrolled Search Path Element •