CVE-2024-38877

Siemens Energy Omnivise T3000 8.2 SP3 Privilege Escalation / File Download

Severity Score

8.3

*CVSS v4

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track*

*SSVC

Descriptions

MITRE
PS

A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 Domain Controller R9.2 (All versions), Omnivise T3000 Network Intrusion Detection System (NIDS) R9.2 (All versions), Omnivise T3000 Product Data Management (PDM) R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions), Omnivise T3000 Security Server R9.2 (All versions), Omnivise T3000 Terminal Server R9.2 (All versions), Omnivise T3000 Thin Client R9.2 (All versions), Omnivise T3000 Whitelisting Server R9.2 (All versions). The affected devices stores initial system credentials without sufficient protection. An attacker with remote shell access or physical access could retrieve the credentials leading to confidentiality loss allowing the attacker to laterally move within the affected network.

Siemens Energy Omnivise T3000 version 8.2 SP3 suffers from local privilege escalation, cleartext storage of passwords in configuration and log files, file system access allowing for arbitrary file download, and IP whitelist bypass.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Attack Requirements

None

Privileges Required

High

User Interaction

None

System

Vulnerable | Subsequent

Confidentiality

High

Integrity

None

High

Availability

None

High

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

None

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2024-06-21 CVE Reserved
2024-08-02 CVE Published
2024-08-06 EPSS Updated
2024-08-13 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-312: Cleartext Storage of Sensitive Information

CAPEC

References (1)

URL	Tag	Source
https://cert-portal.siemens.com/productcert/html/ssa-857368.html

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Siemens Search vendor "Siemens"		Omnivise T3000 Application Server R9.2 Search vendor "Siemens" for product "Omnivise T3000 Application Server R9.2"				0 Search vendor "Siemens" for product "Omnivise T3000 Application Server R9.2" and version "0"		en		Affected
Siemens Search vendor "Siemens"		Omnivise T3000 Domain Controller R9.2 Search vendor "Siemens" for product "Omnivise T3000 Domain Controller R9.2"				0 Search vendor "Siemens" for product "Omnivise T3000 Domain Controller R9.2" and version "0"		en		Affected
Siemens Search vendor "Siemens"		Omnivise T3000 Network Intrusion Detection System (NIDS) R9.2 Search vendor "Siemens" for product "Omnivise T3000 Network Intrusion Detection System (NIDS) R9.2"				0 Search vendor "Siemens" for product "Omnivise T3000 Network Intrusion Detection System (NIDS) R9.2" and version "0"		en		Affected
Siemens Search vendor "Siemens"		Omnivise T3000 Product Data Management (PDM) R9.2 Search vendor "Siemens" for product "Omnivise T3000 Product Data Management (PDM) R9.2"				0 Search vendor "Siemens" for product "Omnivise T3000 Product Data Management (PDM) R9.2" and version "0"		en		Affected
Siemens Search vendor "Siemens"		Omnivise T3000 R8.2 SP3 Search vendor "Siemens" for product "Omnivise T3000 R8.2 SP3"				0 Search vendor "Siemens" for product "Omnivise T3000 R8.2 SP3" and version "0"		en		Affected
Siemens Search vendor "Siemens"		Omnivise T3000 R8.2 SP4 Search vendor "Siemens" for product "Omnivise T3000 R8.2 SP4"				0 Search vendor "Siemens" for product "Omnivise T3000 R8.2 SP4" and version "0"		en		Affected
Siemens Search vendor "Siemens"		Omnivise T3000 Security Server R9.2 Search vendor "Siemens" for product "Omnivise T3000 Security Server R9.2"				0 Search vendor "Siemens" for product "Omnivise T3000 Security Server R9.2" and version "0"		en		Affected
Siemens Search vendor "Siemens"		Omnivise T3000 Terminal Server R9.2 Search vendor "Siemens" for product "Omnivise T3000 Terminal Server R9.2"				0 Search vendor "Siemens" for product "Omnivise T3000 Terminal Server R9.2" and version "0"		en		Affected
Siemens Search vendor "Siemens"		Omnivise T3000 Thin Client R9.2 Search vendor "Siemens" for product "Omnivise T3000 Thin Client R9.2"				0 Search vendor "Siemens" for product "Omnivise T3000 Thin Client R9.2" and version "0"		en		Affected
Siemens Search vendor "Siemens"		Omnivise T3000 Whitelisting Server R9.2 Search vendor "Siemens" for product "Omnivise T3000 Whitelisting Server R9.2"				0 Search vendor "Siemens" for product "Omnivise T3000 Whitelisting Server R9.2" and version "0"		en		Affected