Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for omnivise_t3000_application_server by siemens

    CVE-2024-38879 (GCVE-0-2024-38879)

    Vulnerability from nvd – Published: 2024-08-02 10:36 – Updated: 2025-11-03 21:55
    VLAI
    Summary
    A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions). The affected system exposes the port of an internal application on the public network interface allowing an attacker to circumvent authentication and directly access the exposed application.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    Siemens Omnivise T3000 Application Server R9.2 Affected: 0 , < * (custom)
    Create a notification for this product.
    Siemens Omnivise T3000 R8.2 SP3 Affected: 0 , < * (custom)
    Create a notification for this product.
    Siemens Omnivise T3000 R8.2 SP4 Affected: 0 , < * (custom)
    Create a notification for this product.
    siemens omnivise_t3000_application_server Affected: r9.2 , ≤ * (custom)
        cpe:2.3:a:siemens:omnivise_t3000_application_server:r9.2:*:*:*:*:*:*:*
    Create a notification for this product.
    siemens omnivise_t3000 Affected: r8.2_sp3 , ≤ * (custom)
        cpe:2.3:a:siemens:omnivise_t3000:r8.2_sp3:*:*:*:*:*:*:*
    Create a notification for this product.
    siemens omnivise_t3000 Affected: r8.2_sp4 , ≤ * (custom)
        cpe:2.3:a:siemens:omnivise_t3000:r8.2_sp4:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:siemens:omnivise_t3000_application_server:r9.2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "omnivise_t3000_application_server",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "r9.2",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:siemens:omnivise_t3000:r8.2_sp3:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "omnivise_t3000",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "r8.2_sp3",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:siemens:omnivise_t3000:r8.2_sp4:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "omnivise_t3000",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "r8.2_sp4",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-38879",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-02T13:22:29.346191Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-14T20:47:43.341Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T21:55:57.892Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://seclists.org/fulldisclosure/2024/Nov/5"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Omnivise T3000 Application Server R9.2",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Omnivise T3000 R8.2 SP3",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Omnivise T3000 R8.2 SP4",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions). The affected system exposes the port of an internal application on the public network interface allowing an attacker to circumvent authentication and directly access the exposed application."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-13T07:54:16.146Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/html/ssa-857368.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2024-38879",
        "datePublished": "2024-08-02T10:36:20.639Z",
        "dateReserved": "2024-06-21T08:28:10.678Z",
        "dateUpdated": "2025-11-03T21:55:57.892Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-38878 (GCVE-0-2024-38878)

    Vulnerability from nvd – Published: 2024-08-02 10:36 – Updated: 2025-11-03 21:55
    VLAI
    Summary
    A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions). Affected devices allow authenticated users to export diagnostics data. The corresponding API endpoint is susceptible to path traversal and could allow an authenticated attacker to download arbitrary files from the file system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-38878",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-02T14:00:28.397427Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:00:46.747Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T21:55:56.424Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://seclists.org/fulldisclosure/2024/Nov/5"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Omnivise T3000 Application Server R9.2",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Omnivise T3000 R8.2 SP3",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Omnivise T3000 R8.2 SP4",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions). Affected devices allow authenticated users to export diagnostics data. The corresponding API endpoint is susceptible to path traversal and could allow an authenticated attacker to download arbitrary files from the file system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-13T07:54:14.901Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/html/ssa-857368.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2024-38878",
        "datePublished": "2024-08-02T10:36:19.439Z",
        "dateReserved": "2024-06-21T08:28:10.678Z",
        "dateUpdated": "2025-11-03T21:55:56.424Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-38877 (GCVE-0-2024-38877)

    Vulnerability from nvd – Published: 2024-08-02 10:36 – Updated: 2025-11-03 21:55
    VLAI
    Summary
    A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 Domain Controller R9.2 (All versions), Omnivise T3000 Network Intrusion Detection System (NIDS) R9.2 (All versions), Omnivise T3000 Product Data Management (PDM) R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions), Omnivise T3000 Security Server R9.2 (All versions), Omnivise T3000 Terminal Server R9.2 (All versions), Omnivise T3000 Thin Client R9.2 (All versions), Omnivise T3000 Whitelisting Server R9.2 (All versions). The affected devices stores initial system credentials without sufficient protection. An attacker with remote shell access or physical access could retrieve the credentials leading to confidentiality loss allowing the attacker to laterally move within the affected network.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-312 - Cleartext Storage of Sensitive Information
    Assigner
    Impacted products
    Vendor Product Version
    Siemens Omnivise T3000 Application Server R9.2 Affected: 0 , < * (custom)
    Create a notification for this product.
    Siemens Omnivise T3000 Domain Controller R9.2 Affected: 0 , < * (custom)
    Create a notification for this product.
    Siemens Omnivise T3000 Network Intrusion Detection System (NIDS) R9.2 Affected: 0 , < * (custom)
    Create a notification for this product.
    Siemens Omnivise T3000 Product Data Management (PDM) R9.2 Affected: 0 , < * (custom)
    Create a notification for this product.
    Siemens Omnivise T3000 R8.2 SP3 Affected: 0 , < * (custom)
    Create a notification for this product.
    Siemens Omnivise T3000 R8.2 SP4 Affected: 0 , < * (custom)
    Create a notification for this product.
    Siemens Omnivise T3000 Security Server R9.2 Affected: 0 , < * (custom)
    Create a notification for this product.
    Siemens Omnivise T3000 Terminal Server R9.2 Affected: 0 , < * (custom)
    Create a notification for this product.
    Siemens Omnivise T3000 Thin Client R9.2 Affected: 0 , < * (custom)
    Create a notification for this product.
    Siemens Omnivise T3000 Whitelisting Server R9.2 Affected: 0 , < * (custom)
    Create a notification for this product.
    siemens omnivise_t3000_application_server Affected: 0 , < * (custom)
        cpe:2.3:a:siemens:omnivise_t3000_application_server:*:*:*:*:*:*:*:*
    Create a notification for this product.
    siemens omnivise_t3000_domain_controller Affected: 0 , < * (custom)
        cpe:2.3:a:siemens:omnivise_t3000_domain_controller:*:*:*:*:*:*:*:*
    Create a notification for this product.
    siemens omnivise_t3000_nids Affected: 0 , < * (custom)
        cpe:2.3:a:siemens:omnivise_t3000_nids:*:*:*:*:*:*:*:*
    Create a notification for this product.
    siemens omnivise_t3000_pdim Affected: 0 , < * (custom)
        cpe:2.3:a:siemens:omnivise_t3000_pdim:*:*:*:*:*:*:*:*
    Create a notification for this product.
    siemens omnivise_t3000_security_server Affected: 0 , < * (custom)
        cpe:2.3:a:siemens:omnivise_t3000_security_server:*:*:*:*:*:*:*:*
    Create a notification for this product.
    siemens omnivise_t3000_terminal_server Affected: 0 , < * (custom)
        cpe:2.3:a:siemens:omnivise_t3000_terminal_server:*:*:*:*:*:*:*:*
    Create a notification for this product.
    siemens omnivise_t3000_thin_client Affected: 0 , < * (custom)
        cpe:2.3:a:siemens:omnivise_t3000_thin_client:*:*:*:*:*:*:*:*
    Create a notification for this product.
    siemens omnivise_t3000_whitelisting_server Affected: 0 , < * (custom)
        cpe:2.3:a:siemens:omnivise_t3000_whitelisting_server:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:siemens:omnivise_t3000_application_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "omnivise_t3000_application_server",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:siemens:omnivise_t3000_domain_controller:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "omnivise_t3000_domain_controller",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:siemens:omnivise_t3000_nids:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "omnivise_t3000_nids",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:siemens:omnivise_t3000_pdim:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "omnivise_t3000_pdim",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:siemens:omnivise_t3000_security_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "omnivise_t3000_security_server",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:siemens:omnivise_t3000_terminal_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "omnivise_t3000_terminal_server",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:siemens:omnivise_t3000_thin_client:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "omnivise_t3000_thin_client",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:siemens:omnivise_t3000_whitelisting_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "omnivise_t3000_whitelisting_server",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-38877",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-02T15:42:49.638111Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:55:27.565Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T21:55:54.936Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://seclists.org/fulldisclosure/2024/Nov/5"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Omnivise T3000 Application Server R9.2",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Omnivise T3000 Domain Controller R9.2",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Omnivise T3000 Network Intrusion Detection System (NIDS) R9.2",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Omnivise T3000 Product Data Management (PDM) R9.2",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Omnivise T3000 R8.2 SP3",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Omnivise T3000 R8.2 SP4",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Omnivise T3000 Security Server R9.2",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Omnivise T3000 Terminal Server R9.2",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Omnivise T3000 Thin Client R9.2",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Omnivise T3000 Whitelisting Server R9.2",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 Domain Controller R9.2 (All versions), Omnivise T3000 Network Intrusion Detection System (NIDS) R9.2 (All versions), Omnivise T3000 Product Data Management (PDM) R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions), Omnivise T3000 Security Server R9.2 (All versions), Omnivise T3000 Terminal Server R9.2 (All versions), Omnivise T3000 Thin Client R9.2 (All versions), Omnivise T3000 Whitelisting Server R9.2 (All versions). The affected devices stores initial system credentials without sufficient protection.  An attacker with remote shell access or physical access could retrieve the credentials leading to confidentiality loss allowing the attacker to laterally move within the affected network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV4_0": {
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H",
                "version": "4.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-312",
                  "description": "CWE-312: Cleartext Storage of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-13T07:54:13.668Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/html/ssa-857368.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2024-38877",
        "datePublished": "2024-08-02T10:36:18.219Z",
        "dateReserved": "2024-06-21T08:28:10.678Z",
        "dateUpdated": "2025-11-03T21:55:54.936Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-38876 (GCVE-0-2024-38876)

    Vulnerability from nvd – Published: 2024-08-02 10:36 – Updated: 2025-11-03 21:55
    VLAI
    Summary
    A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 Domain Controller R9.2 (All versions), Omnivise T3000 Product Data Management (PDM) R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions), Omnivise T3000 Terminal Server R9.2 (All versions), Omnivise T3000 Thin Client R9.2 (All versions), Omnivise T3000 Whitelisting Server R9.2 (All versions). The affected application regularly executes user modifiable code as a privileged user. This could allow a local authenticated attacker to execute arbitrary code with elevated privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-552 - Files or Directories Accessible to External Parties
    Assigner
    Impacted products
    Vendor Product Version
    Siemens Omnivise T3000 Application Server R9.2 Affected: 0 , < * (custom)
    Create a notification for this product.
    Siemens Omnivise T3000 Domain Controller R9.2 Affected: 0 , < * (custom)
    Create a notification for this product.
    Siemens Omnivise T3000 Product Data Management (PDM) R9.2 Affected: 0 , < * (custom)
    Create a notification for this product.
    Siemens Omnivise T3000 R8.2 SP3 Affected: 0 , < * (custom)
    Create a notification for this product.
    Siemens Omnivise T3000 R8.2 SP4 Affected: 0 , < * (custom)
    Create a notification for this product.
    Siemens Omnivise T3000 Terminal Server R9.2 Affected: 0 , < * (custom)
    Create a notification for this product.
    Siemens Omnivise T3000 Thin Client R9.2 Affected: 0 , < * (custom)
    Create a notification for this product.
    Siemens Omnivise T3000 Whitelisting Server R9.2 Affected: 0 , < * (custom)
    Create a notification for this product.
    siemens omnivise_t3000_application_server_r9.2 Affected: 0 , < * (custom)
        cpe:2.3:a:siemens:omnivise_t3000_application_server_r9.2:*:*:*:*:*:*:*:*
    Create a notification for this product.
    siemens omnivise_t3000_domain_controller_r9.2 Affected: 0 , < * (custom)
        cpe:2.3:a:siemens:omnivise_t3000_domain_controller_r9.2:*:*:*:*:*:*:*:*
    Create a notification for this product.
    siemens omnivise_t3000_product_data_management_r9.2 Affected: 0 , < * (custom)
        cpe:2.3:a:siemens:omnivise_t3000_product_data_management_r9.2:*:*:*:*:*:*:*:*
    Create a notification for this product.
    siemens omnivise_t3000_r8.2_sp3 Affected: 0 , < * (custom)
        cpe:2.3:a:siemens:omnivise_t3000_r8.2_sp3:*:*:*:*:*:*:*:*
    Create a notification for this product.
    siemens omnivise_t3000_r82_sp4 Affected: 0 , < * (custom)
        cpe:2.3:a:siemens:omnivise_t3000_r82_sp4:*:*:*:*:*:*:*:*
    Create a notification for this product.
    siemens omnivise_t3000_terminal_server_r9.2 Affected: 0 , < * (custom)
        cpe:2.3:a:siemens:omnivise_t3000_terminal_server_r9.2:*:*:*:*:*:*:*:*
    Create a notification for this product.
    siemens omnivise_t3000_thin_client_r9.2 Affected: 0 , < * (custom)
        cpe:2.3:a:siemens:omnivise_t3000_thin_client_r9.2:*:*:*:*:*:*:*:*
    Create a notification for this product.
    siemens omnivise_t3000_whitelisting_server_r9.2 Affected: 0 , < * (custom)
        cpe:2.3:a:siemens:omnivise_t3000_whitelisting_server_r9.2:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:siemens:omnivise_t3000_application_server_r9.2:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "omnivise_t3000_application_server_r9.2",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:siemens:omnivise_t3000_domain_controller_r9.2:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "omnivise_t3000_domain_controller_r9.2",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:siemens:omnivise_t3000_product_data_management_r9.2:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "omnivise_t3000_product_data_management_r9.2",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:siemens:omnivise_t3000_r8.2_sp3:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "omnivise_t3000_r8.2_sp3",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:siemens:omnivise_t3000_r82_sp4:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "omnivise_t3000_r82_sp4",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:siemens:omnivise_t3000_terminal_server_r9.2:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "omnivise_t3000_terminal_server_r9.2",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:siemens:omnivise_t3000_thin_client_r9.2:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "omnivise_t3000_thin_client_r9.2",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:siemens:omnivise_t3000_whitelisting_server_r9.2:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "omnivise_t3000_whitelisting_server_r9.2",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-38876",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-02T14:21:31.609941Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-20T20:14:54.423Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T21:55:53.445Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://seclists.org/fulldisclosure/2024/Nov/5"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Omnivise T3000 Application Server R9.2",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Omnivise T3000 Domain Controller R9.2",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Omnivise T3000 Product Data Management (PDM) R9.2",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Omnivise T3000 R8.2 SP3",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Omnivise T3000 R8.2 SP4",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Omnivise T3000 Terminal Server R9.2",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Omnivise T3000 Thin Client R9.2",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Omnivise T3000 Whitelisting Server R9.2",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 Domain Controller R9.2 (All versions), Omnivise T3000 Product Data Management (PDM) R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions), Omnivise T3000 Terminal Server R9.2 (All versions), Omnivise T3000 Thin Client R9.2 (All versions), Omnivise T3000 Whitelisting Server R9.2 (All versions). The affected application regularly executes user modifiable code as a privileged user. This could allow a local authenticated attacker to execute arbitrary code with elevated privileges."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:T/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV4_0": {
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-552",
                  "description": "CWE-552: Files or Directories Accessible to External Parties",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-13T07:54:12.401Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/html/ssa-857368.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2024-38876",
        "datePublished": "2024-08-02T10:36:16.928Z",
        "dateReserved": "2024-06-21T08:28:10.677Z",
        "dateUpdated": "2025-11-03T21:55:53.445Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-38879 (GCVE-0-2024-38879)

    Vulnerability from cvelistv5 – Published: 2024-08-02 10:36 – Updated: 2025-11-03 21:55
    VLAI
    Summary
    A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions). The affected system exposes the port of an internal application on the public network interface allowing an attacker to circumvent authentication and directly access the exposed application.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    Siemens Omnivise T3000 Application Server R9.2 Affected: 0 , < * (custom)
    Create a notification for this product.
    Siemens Omnivise T3000 R8.2 SP3 Affected: 0 , < * (custom)
    Create a notification for this product.
    Siemens Omnivise T3000 R8.2 SP4 Affected: 0 , < * (custom)
    Create a notification for this product.
    siemens omnivise_t3000_application_server Affected: r9.2 , ≤ * (custom)
        cpe:2.3:a:siemens:omnivise_t3000_application_server:r9.2:*:*:*:*:*:*:*
    Create a notification for this product.
    siemens omnivise_t3000 Affected: r8.2_sp3 , ≤ * (custom)
        cpe:2.3:a:siemens:omnivise_t3000:r8.2_sp3:*:*:*:*:*:*:*
    Create a notification for this product.
    siemens omnivise_t3000 Affected: r8.2_sp4 , ≤ * (custom)
        cpe:2.3:a:siemens:omnivise_t3000:r8.2_sp4:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:siemens:omnivise_t3000_application_server:r9.2:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "omnivise_t3000_application_server",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "r9.2",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:siemens:omnivise_t3000:r8.2_sp3:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "omnivise_t3000",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "r8.2_sp3",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:siemens:omnivise_t3000:r8.2_sp4:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "omnivise_t3000",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThanOrEqual": "*",
                    "status": "affected",
                    "version": "r8.2_sp4",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-38879",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-02T13:22:29.346191Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-14T20:47:43.341Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T21:55:57.892Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://seclists.org/fulldisclosure/2024/Nov/5"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Omnivise T3000 Application Server R9.2",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Omnivise T3000 R8.2 SP3",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Omnivise T3000 R8.2 SP4",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions). The affected system exposes the port of an internal application on the public network interface allowing an attacker to circumvent authentication and directly access the exposed application."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV4_0": {
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-13T07:54:16.146Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/html/ssa-857368.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2024-38879",
        "datePublished": "2024-08-02T10:36:20.639Z",
        "dateReserved": "2024-06-21T08:28:10.678Z",
        "dateUpdated": "2025-11-03T21:55:57.892Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-38878 (GCVE-0-2024-38878)

    Vulnerability from cvelistv5 – Published: 2024-08-02 10:36 – Updated: 2025-11-03 21:55
    VLAI
    Summary
    A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions). Affected devices allow authenticated users to export diagnostics data. The corresponding API endpoint is susceptible to path traversal and could allow an authenticated attacker to download arbitrary files from the file system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-38878",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-02T14:00:28.397427Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:00:46.747Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T21:55:56.424Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://seclists.org/fulldisclosure/2024/Nov/5"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Omnivise T3000 Application Server R9.2",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Omnivise T3000 R8.2 SP3",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Omnivise T3000 R8.2 SP4",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions). Affected devices allow authenticated users to export diagnostics data. The corresponding API endpoint is susceptible to path traversal and could allow an authenticated attacker to download arbitrary files from the file system."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-13T07:54:14.901Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/html/ssa-857368.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2024-38878",
        "datePublished": "2024-08-02T10:36:19.439Z",
        "dateReserved": "2024-06-21T08:28:10.678Z",
        "dateUpdated": "2025-11-03T21:55:56.424Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-38877 (GCVE-0-2024-38877)

    Vulnerability from cvelistv5 – Published: 2024-08-02 10:36 – Updated: 2025-11-03 21:55
    VLAI
    Summary
    A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 Domain Controller R9.2 (All versions), Omnivise T3000 Network Intrusion Detection System (NIDS) R9.2 (All versions), Omnivise T3000 Product Data Management (PDM) R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions), Omnivise T3000 Security Server R9.2 (All versions), Omnivise T3000 Terminal Server R9.2 (All versions), Omnivise T3000 Thin Client R9.2 (All versions), Omnivise T3000 Whitelisting Server R9.2 (All versions). The affected devices stores initial system credentials without sufficient protection. An attacker with remote shell access or physical access could retrieve the credentials leading to confidentiality loss allowing the attacker to laterally move within the affected network.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-312 - Cleartext Storage of Sensitive Information
    Assigner
    Impacted products
    Vendor Product Version
    Siemens Omnivise T3000 Application Server R9.2 Affected: 0 , < * (custom)
    Create a notification for this product.
    Siemens Omnivise T3000 Domain Controller R9.2 Affected: 0 , < * (custom)
    Create a notification for this product.
    Siemens Omnivise T3000 Network Intrusion Detection System (NIDS) R9.2 Affected: 0 , < * (custom)
    Create a notification for this product.
    Siemens Omnivise T3000 Product Data Management (PDM) R9.2 Affected: 0 , < * (custom)
    Create a notification for this product.
    Siemens Omnivise T3000 R8.2 SP3 Affected: 0 , < * (custom)
    Create a notification for this product.
    Siemens Omnivise T3000 R8.2 SP4 Affected: 0 , < * (custom)
    Create a notification for this product.
    Siemens Omnivise T3000 Security Server R9.2 Affected: 0 , < * (custom)
    Create a notification for this product.
    Siemens Omnivise T3000 Terminal Server R9.2 Affected: 0 , < * (custom)
    Create a notification for this product.
    Siemens Omnivise T3000 Thin Client R9.2 Affected: 0 , < * (custom)
    Create a notification for this product.
    Siemens Omnivise T3000 Whitelisting Server R9.2 Affected: 0 , < * (custom)
    Create a notification for this product.
    siemens omnivise_t3000_application_server Affected: 0 , < * (custom)
        cpe:2.3:a:siemens:omnivise_t3000_application_server:*:*:*:*:*:*:*:*
    Create a notification for this product.
    siemens omnivise_t3000_domain_controller Affected: 0 , < * (custom)
        cpe:2.3:a:siemens:omnivise_t3000_domain_controller:*:*:*:*:*:*:*:*
    Create a notification for this product.
    siemens omnivise_t3000_nids Affected: 0 , < * (custom)
        cpe:2.3:a:siemens:omnivise_t3000_nids:*:*:*:*:*:*:*:*
    Create a notification for this product.
    siemens omnivise_t3000_pdim Affected: 0 , < * (custom)
        cpe:2.3:a:siemens:omnivise_t3000_pdim:*:*:*:*:*:*:*:*
    Create a notification for this product.
    siemens omnivise_t3000_security_server Affected: 0 , < * (custom)
        cpe:2.3:a:siemens:omnivise_t3000_security_server:*:*:*:*:*:*:*:*
    Create a notification for this product.
    siemens omnivise_t3000_terminal_server Affected: 0 , < * (custom)
        cpe:2.3:a:siemens:omnivise_t3000_terminal_server:*:*:*:*:*:*:*:*
    Create a notification for this product.
    siemens omnivise_t3000_thin_client Affected: 0 , < * (custom)
        cpe:2.3:a:siemens:omnivise_t3000_thin_client:*:*:*:*:*:*:*:*
    Create a notification for this product.
    siemens omnivise_t3000_whitelisting_server Affected: 0 , < * (custom)
        cpe:2.3:a:siemens:omnivise_t3000_whitelisting_server:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:siemens:omnivise_t3000_application_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "omnivise_t3000_application_server",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:siemens:omnivise_t3000_domain_controller:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "omnivise_t3000_domain_controller",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:siemens:omnivise_t3000_nids:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "omnivise_t3000_nids",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:siemens:omnivise_t3000_pdim:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "omnivise_t3000_pdim",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:siemens:omnivise_t3000_security_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "omnivise_t3000_security_server",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:siemens:omnivise_t3000_terminal_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "omnivise_t3000_terminal_server",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:siemens:omnivise_t3000_thin_client:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "omnivise_t3000_thin_client",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:siemens:omnivise_t3000_whitelisting_server:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "omnivise_t3000_whitelisting_server",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-38877",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-02T15:42:49.638111Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:55:27.565Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T21:55:54.936Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://seclists.org/fulldisclosure/2024/Nov/5"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Omnivise T3000 Application Server R9.2",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Omnivise T3000 Domain Controller R9.2",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Omnivise T3000 Network Intrusion Detection System (NIDS) R9.2",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Omnivise T3000 Product Data Management (PDM) R9.2",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Omnivise T3000 R8.2 SP3",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Omnivise T3000 R8.2 SP4",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Omnivise T3000 Security Server R9.2",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Omnivise T3000 Terminal Server R9.2",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Omnivise T3000 Thin Client R9.2",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Omnivise T3000 Whitelisting Server R9.2",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 Domain Controller R9.2 (All versions), Omnivise T3000 Network Intrusion Detection System (NIDS) R9.2 (All versions), Omnivise T3000 Product Data Management (PDM) R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions), Omnivise T3000 Security Server R9.2 (All versions), Omnivise T3000 Terminal Server R9.2 (All versions), Omnivise T3000 Thin Client R9.2 (All versions), Omnivise T3000 Whitelisting Server R9.2 (All versions). The affected devices stores initial system credentials without sufficient protection.  An attacker with remote shell access or physical access could retrieve the credentials leading to confidentiality loss allowing the attacker to laterally move within the affected network."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.2,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV4_0": {
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H",
                "version": "4.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-312",
                  "description": "CWE-312: Cleartext Storage of Sensitive Information",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-13T07:54:13.668Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/html/ssa-857368.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2024-38877",
        "datePublished": "2024-08-02T10:36:18.219Z",
        "dateReserved": "2024-06-21T08:28:10.678Z",
        "dateUpdated": "2025-11-03T21:55:54.936Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-38876 (GCVE-0-2024-38876)

    Vulnerability from cvelistv5 – Published: 2024-08-02 10:36 – Updated: 2025-11-03 21:55
    VLAI
    Summary
    A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 Domain Controller R9.2 (All versions), Omnivise T3000 Product Data Management (PDM) R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions), Omnivise T3000 Terminal Server R9.2 (All versions), Omnivise T3000 Thin Client R9.2 (All versions), Omnivise T3000 Whitelisting Server R9.2 (All versions). The affected application regularly executes user modifiable code as a privileged user. This could allow a local authenticated attacker to execute arbitrary code with elevated privileges.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-552 - Files or Directories Accessible to External Parties
    Assigner
    Impacted products
    Vendor Product Version
    Siemens Omnivise T3000 Application Server R9.2 Affected: 0 , < * (custom)
    Create a notification for this product.
    Siemens Omnivise T3000 Domain Controller R9.2 Affected: 0 , < * (custom)
    Create a notification for this product.
    Siemens Omnivise T3000 Product Data Management (PDM) R9.2 Affected: 0 , < * (custom)
    Create a notification for this product.
    Siemens Omnivise T3000 R8.2 SP3 Affected: 0 , < * (custom)
    Create a notification for this product.
    Siemens Omnivise T3000 R8.2 SP4 Affected: 0 , < * (custom)
    Create a notification for this product.
    Siemens Omnivise T3000 Terminal Server R9.2 Affected: 0 , < * (custom)
    Create a notification for this product.
    Siemens Omnivise T3000 Thin Client R9.2 Affected: 0 , < * (custom)
    Create a notification for this product.
    Siemens Omnivise T3000 Whitelisting Server R9.2 Affected: 0 , < * (custom)
    Create a notification for this product.
    siemens omnivise_t3000_application_server_r9.2 Affected: 0 , < * (custom)
        cpe:2.3:a:siemens:omnivise_t3000_application_server_r9.2:*:*:*:*:*:*:*:*
    Create a notification for this product.
    siemens omnivise_t3000_domain_controller_r9.2 Affected: 0 , < * (custom)
        cpe:2.3:a:siemens:omnivise_t3000_domain_controller_r9.2:*:*:*:*:*:*:*:*
    Create a notification for this product.
    siemens omnivise_t3000_product_data_management_r9.2 Affected: 0 , < * (custom)
        cpe:2.3:a:siemens:omnivise_t3000_product_data_management_r9.2:*:*:*:*:*:*:*:*
    Create a notification for this product.
    siemens omnivise_t3000_r8.2_sp3 Affected: 0 , < * (custom)
        cpe:2.3:a:siemens:omnivise_t3000_r8.2_sp3:*:*:*:*:*:*:*:*
    Create a notification for this product.
    siemens omnivise_t3000_r82_sp4 Affected: 0 , < * (custom)
        cpe:2.3:a:siemens:omnivise_t3000_r82_sp4:*:*:*:*:*:*:*:*
    Create a notification for this product.
    siemens omnivise_t3000_terminal_server_r9.2 Affected: 0 , < * (custom)
        cpe:2.3:a:siemens:omnivise_t3000_terminal_server_r9.2:*:*:*:*:*:*:*:*
    Create a notification for this product.
    siemens omnivise_t3000_thin_client_r9.2 Affected: 0 , < * (custom)
        cpe:2.3:a:siemens:omnivise_t3000_thin_client_r9.2:*:*:*:*:*:*:*:*
    Create a notification for this product.
    siemens omnivise_t3000_whitelisting_server_r9.2 Affected: 0 , < * (custom)
        cpe:2.3:a:siemens:omnivise_t3000_whitelisting_server_r9.2:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:siemens:omnivise_t3000_application_server_r9.2:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "omnivise_t3000_application_server_r9.2",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:siemens:omnivise_t3000_domain_controller_r9.2:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "omnivise_t3000_domain_controller_r9.2",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:siemens:omnivise_t3000_product_data_management_r9.2:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "omnivise_t3000_product_data_management_r9.2",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:siemens:omnivise_t3000_r8.2_sp3:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "omnivise_t3000_r8.2_sp3",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:siemens:omnivise_t3000_r82_sp4:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "omnivise_t3000_r82_sp4",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:siemens:omnivise_t3000_terminal_server_r9.2:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "omnivise_t3000_terminal_server_r9.2",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:siemens:omnivise_t3000_thin_client_r9.2:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "omnivise_t3000_thin_client_r9.2",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:siemens:omnivise_t3000_whitelisting_server_r9.2:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "omnivise_t3000_whitelisting_server_r9.2",
                "vendor": "siemens",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-38876",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-02T14:21:31.609941Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-20T20:14:54.423Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-03T21:55:53.445Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://seclists.org/fulldisclosure/2024/Nov/5"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unknown",
              "product": "Omnivise T3000 Application Server R9.2",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Omnivise T3000 Domain Controller R9.2",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Omnivise T3000 Product Data Management (PDM) R9.2",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Omnivise T3000 R8.2 SP3",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Omnivise T3000 R8.2 SP4",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Omnivise T3000 Terminal Server R9.2",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Omnivise T3000 Thin Client R9.2",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unknown",
              "product": "Omnivise T3000 Whitelisting Server R9.2",
              "vendor": "Siemens",
              "versions": [
                {
                  "lessThan": "*",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 Domain Controller R9.2 (All versions), Omnivise T3000 Product Data Management (PDM) R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions), Omnivise T3000 Terminal Server R9.2 (All versions), Omnivise T3000 Thin Client R9.2 (All versions), Omnivise T3000 Whitelisting Server R9.2 (All versions). The affected application regularly executes user modifiable code as a privileged user. This could allow a local authenticated attacker to execute arbitrary code with elevated privileges."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:T/RC:C",
                "version": "3.1"
              }
            },
            {
              "cvssV4_0": {
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-552",
                  "description": "CWE-552: Files or Directories Accessible to External Parties",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-08-13T07:54:12.401Z",
            "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
            "shortName": "siemens"
          },
          "references": [
            {
              "url": "https://cert-portal.siemens.com/productcert/html/ssa-857368.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "assignerShortName": "siemens",
        "cveId": "CVE-2024-38876",
        "datePublished": "2024-08-02T10:36:16.928Z",
        "dateReserved": "2024-06-21T08:28:10.677Z",
        "dateUpdated": "2025-11-03T21:55:53.445Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }