Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2024-38878 (GCVE-0-2024-38878)
Vulnerability from cvelistv5 – Published: 2024-08-02 10:36 – Updated: 2025-11-03 21:55- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
| Vendor | Product | Version | |
|---|---|---|---|
| Siemens | Omnivise T3000 Application Server R9.2 |
Affected:
0 , < *
(custom)
|
|
| Siemens | Omnivise T3000 R8.2 SP3 |
Affected:
0 , < *
(custom)
|
|
| Siemens | Omnivise T3000 R8.2 SP4 |
Affected:
0 , < *
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38878",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-02T14:00:28.397427Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-02T14:00:46.747Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:55:56.424Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Nov/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Omnivise T3000 Application Server R9.2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Omnivise T3000 R8.2 SP3",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Omnivise T3000 R8.2 SP4",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions). Affected devices allow authenticated users to export diagnostics data. The corresponding API endpoint is susceptible to path traversal and could allow an authenticated attacker to download arbitrary files from the file system."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T07:54:14.901Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-857368.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2024-38878",
"datePublished": "2024-08-02T10:36:19.439Z",
"dateReserved": "2024-06-21T08:28:10.678Z",
"dateUpdated": "2025-11-03T21:55:56.424Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-38878",
"date": "2026-07-02",
"epss": "0.11452",
"percentile": "0.9548"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-38878\",\"sourceIdentifier\":\"productcert@siemens.com\",\"published\":\"2024-08-02T11:16:42.260\",\"lastModified\":\"2026-06-17T07:41:11.333\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions). Affected devices allow authenticated users to export diagnostics data. The corresponding API endpoint is susceptible to path traversal and could allow an authenticated attacker to download arbitrary files from the file system.\"},{\"lang\":\"es\",\"value\":\" Se ha identificado una vulnerabilidad en Omnivise T3000 Application Server (todas las versiones). Los dispositivos afectados permiten a los usuarios autenticados exportar datos de diagn\u00f3stico. El endpoint API correspondiente es susceptible a path traversal y podr\u00eda permitir que un atacante autenticado descargue archivos arbitrarios del sistema de archivos.\"}],\"affected\":[{\"source\":\"productcert@siemens.com\",\"affectedData\":[{\"vendor\":\"Siemens\",\"product\":\"Omnivise T3000 Application Server R9.2\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"*\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Siemens\",\"product\":\"Omnivise T3000 R8.2 SP3\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"*\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Siemens\",\"product\":\"Omnivise T3000 R8.2 SP4\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"*\",\"versionType\":\"custom\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":6.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.2,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.2,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2024-08-02T14:00:28.397427Z\",\"id\":\"CVE-2024-38878\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:omnivise_t3000_application_server:r9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1DE3308D-6E4D-4433-8A7D-4DD8C52481D9\"}]}]}],\"references\":[{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-857368.html\",\"source\":\"productcert@siemens.com\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2024/Nov/5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://seclists.org/fulldisclosure/2024/Nov/5\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T21:55:56.424Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-38878\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-08-02T14:00:28.397427Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-02T14:00:37.845Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 7.2, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C\"}}, {\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 6.9, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N\"}}], \"affected\": [{\"vendor\": \"Siemens\", \"product\": \"Omnivise T3000 Application Server R9.2\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"Omnivise T3000 R8.2 SP3\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"Omnivise T3000 R8.2 SP4\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"references\": [{\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-857368.html\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions). Affected devices allow authenticated users to export diagnostics data. The corresponding API endpoint is susceptible to path traversal and could allow an authenticated attacker to download arbitrary files from the file system.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-22\", \"description\": \"CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"cec7a2ec-15b4-4faf-bd53-b40f371f3a77\", \"shortName\": \"siemens\", \"dateUpdated\": \"2024-08-13T07:54:14.901Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-38878\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-03T21:55:56.424Z\", \"dateReserved\": \"2024-06-21T08:28:10.678Z\", \"assignerOrgId\": \"cec7a2ec-15b4-4faf-bd53-b40f371f3a77\", \"datePublished\": \"2024-08-02T10:36:19.439Z\", \"assignerShortName\": \"siemens\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
用户可参考如下供应商提供的安全公告获得补丁信息: https://cert-portal.siemens.com/productcert/html/ssa-857368.html
| Name | ['Siemens Omnivise T3000 Application Server', 'Siemens Omnivise T3000 Domain Controller', 'Siemens Omnivise T3000 Product Data Management (PDM)', 'Siemens Omnivise T3000 Terminal Server', 'Siemens Omnivise T3000 Thin Client', 'Siemens Omnivise T3000 Whitelisting Server'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2024-38878"
}
},
"description": "Omnivise T3000\u662f\u4e00\u79cd\u5206\u5e03\u5f0f\u63a7\u5236\u7cfb\u7edf\uff0c\u4e3b\u8981\u7528\u4e8e\u5316\u77f3\u71c3\u6599\u548c\u5927\u578b\u53ef\u518d\u751f\u80fd\u6e90\u53d1\u7535\u5382\u3002\n\nSiemens Omnivise T3000 Application Server\u5b58\u5728\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ece\u6587\u4ef6\u7cfb\u7edf\u4e0b\u8f7d\u4efb\u610f\u6587\u4ef6\u3002",
"formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://cert-portal.siemens.com/productcert/html/ssa-857368.html",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2024-35108",
"openTime": "2024-08-12",
"patchDescription": "Omnivise T3000\u662f\u4e00\u79cd\u5206\u5e03\u5f0f\u63a7\u5236\u7cfb\u7edf\uff0c\u4e3b\u8981\u7528\u4e8e\u5316\u77f3\u71c3\u6599\u548c\u5927\u578b\u53ef\u518d\u751f\u80fd\u6e90\u53d1\u7535\u5382\u3002\r\n\r\nSiemens Omnivise T3000 Application Server\u5b58\u5728\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ece\u6587\u4ef6\u7cfb\u7edf\u4e0b\u8f7d\u4efb\u610f\u6587\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Siemens Omnivise T3000 Application Server\u8def\u5f84\u904d\u5386\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Siemens Omnivise T3000 Application Server",
"Siemens Omnivise T3000 Domain Controller",
"Siemens Omnivise T3000 Product Data Management (PDM)",
"Siemens Omnivise T3000 Terminal Server",
"Siemens Omnivise T3000 Thin Client",
"Siemens Omnivise T3000 Whitelisting Server"
]
},
"referenceLink": "https://cert-portal.siemens.com/productcert/html/ssa-857368.html",
"serverity": "\u9ad8",
"submitTime": "2024-08-12",
"title": "Siemens Omnivise T3000 Application Server\u8def\u5f84\u904d\u5386\u6f0f\u6d1e"
}
FKIE_CVE-2024-38878
Vulnerability from fkie_nvd - Published: 2024-08-02 11:16 - Updated: 2026-06-17 07:416.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | omnivise_t3000_application_server | r9.2 |
{
"affected": [
{
"affectedData": [
{
"defaultStatus": "unknown",
"product": "Omnivise T3000 Application Server R9.2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Omnivise T3000 R8.2 SP3",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Omnivise T3000 R8.2 SP4",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"source": "productcert@siemens.com"
}
],
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:omnivise_t3000_application_server:r9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1DE3308D-6E4D-4433-8A7D-4DD8C52481D9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions). Affected devices allow authenticated users to export diagnostics data. The corresponding API endpoint is susceptible to path traversal and could allow an authenticated attacker to download arbitrary files from the file system."
},
{
"lang": "es",
"value": " Se ha identificado una vulnerabilidad en Omnivise T3000 Application Server (todas las versiones). Los dispositivos afectados permiten a los usuarios autenticados exportar datos de diagn\u00f3stico. El endpoint API correspondiente es susceptible a path traversal y podr\u00eda permitir que un atacante autenticado descargue archivos arbitrarios del sistema de archivos."
}
],
"id": "CVE-2024-38878",
"lastModified": "2026-06-17T07:41:11.333",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "productcert@siemens.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "productcert@siemens.com",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2024-38878",
"options": [
{
"exploitation": "none"
},
{
"automatable": "no"
},
{
"technicalImpact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-02T14:00:28.397427Z",
"version": "2.0.3"
}
}
]
},
"published": "2024-08-02T11:16:42.260",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-857368.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2024/Nov/5"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "productcert@siemens.com",
"type": "Secondary"
}
]
}
GHSA-6CJC-W4J3-JJH8
Vulnerability from github – Published: 2024-08-02 12:31 – Updated: 2025-11-04 00:31A vulnerability has been identified in Omnivise T3000 Application Server (All versions). Affected devices allow authenticated users to export diagnostics data. The corresponding API endpoint is susceptible to path traversal and could allow an authenticated attacker to download arbitrary files from the file system.
{
"affected": [],
"aliases": [
"CVE-2024-38878"
],
"database_specific": {
"cwe_ids": [
"CWE-22"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-02T11:16:42Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been identified in Omnivise\u00a0T3000 Application Server (All versions). Affected devices allow authenticated users to export diagnostics data. The corresponding API endpoint is susceptible to path traversal and could allow an authenticated attacker to download arbitrary files from the file system.",
"id": "GHSA-6cjc-w4j3-jjh8",
"modified": "2025-11-04T00:31:10Z",
"published": "2024-08-02T12:31:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-38878"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-857368.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2024/Nov/5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
NCSC-2024-0323
Vulnerability from csaf_ncscnl - Published: 2024-08-06 09:29 - Updated: 2024-08-06 09:29| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
omnivise_t3000_application_server
siemens
|
cpe:2.3:a:siemens:omnivise_t3000_application_server:r9.2:*:*:*:*:*:*:*
|
— | |
|
omnivise_t3000_domain_controller
siemens
|
cpe:2.3:a:siemens:omnivise_t3000_domain_controller:r9.2:*:*:*:*:*:*:*
|
— | |
|
omnivise_t3000_product_data_management__pdm_
siemens
|
cpe:2.3:a:siemens:omnivise_t3000_product_data_management__pdm_:r9.2:*:*:*:*:*:*:*
|
— | |
|
omnivise_t3000_terminal_server
siemens
|
cpe:2.3:a:siemens:omnivise_t3000_terminal_server:r9.2:*:*:*:*:*:*:*
|
— | |
|
omnivise_t3000_thin_client
siemens
|
cpe:2.3:a:siemens:omnivise_t3000_thin_client:r9.2:*:*:*:*:*:*:*
|
— | |
|
omnivise_t3000_whitelisting_server
siemens
|
cpe:2.3:a:siemens:omnivise_t3000_whitelisting_server:r9.2:*:*:*:*:*:*:*
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
omnivise_t3000_application_server
siemens
|
cpe:2.3:a:siemens:omnivise_t3000_application_server:0:*:*:*:*:*:*:*
|
— | |
|
omnivise_t3000_domain_controller
siemens
|
cpe:2.3:a:siemens:omnivise_t3000_domain_controller:0:*:*:*:*:*:*:*
|
— | |
|
omnivise_t3000_network_intrusion_detection_system__nids_
siemens
|
cpe:2.3:a:siemens:omnivise_t3000_network_intrusion_detection_system__nids_:0:*:*:*:*:*:*:*
|
— | |
|
omnivise_t3000_product_data_management__pdm_
siemens
|
cpe:2.3:a:siemens:omnivise_t3000_product_data_management__pdm_:0:*:*:*:*:*:*:*
|
— | |
|
omnivise_t3000_security_server
siemens
|
cpe:2.3:a:siemens:omnivise_t3000_security_server:0:*:*:*:*:*:*:*
|
— | |
|
omnivise_t3000_terminal_server
siemens
|
cpe:2.3:a:siemens:omnivise_t3000_terminal_server:0:*:*:*:*:*:*:*
|
— | |
|
omnivise_t3000_thin_client
siemens
|
cpe:2.3:a:siemens:omnivise_t3000_thin_client:0:*:*:*:*:*:*:*
|
— | |
|
omnivise_t3000_whitelisting_server
siemens
|
cpe:2.3:a:siemens:omnivise_t3000_whitelisting_server:0:*:*:*:*:*:*:*
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
omnivise_t3000_application_server
siemens
|
cpe:2.3:a:siemens:omnivise_t3000_application_server:0:*:*:*:*:*:*:*
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
omnivise_t3000_application_server
siemens
|
cpe:2.3:a:siemens:omnivise_t3000_application_server:0:*:*:*:*:*:*:*
|
— |
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Siemens Energy heeft kwetsbaarheden verholpen in Omnivise T3000.",
"title": "Feiten"
},
{
"category": "description",
"text": "Een kwaadwillende kan de kwetsbaarheden misbruiken om zich verhoogde rechten toe te kennen op het kwetsbare systeem en daarmee willekeurige code uit te voeren, mogelijk met systeemrechten. \n\nVoor succesvol misbruik moet de kwaadwillende lokaal geautoriseerd zijn. Echter, omdat de kwetsbaarheid met kenmerk CVE-2024-38879 een poort van een intern proces beschikbaar stelt op het netwerk, is het mogelijk dat de kwaadwillende op afstand de kwetsbaarheden in keten kan misbruiken.\nHiervoor dient te kwaadwillende wel toegang te hebben tot de productie-omgeving. Het is goed gebruik een dergelijke omgeving niet publiek toegankelijk te hebben.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Siemens heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "general",
"text": "Improper Authentication",
"title": "CWE-287"
},
{
"category": "general",
"text": "Cleartext Storage of Sensitive Information",
"title": "CWE-312"
},
{
"category": "general",
"text": "Files or Directories Accessible to External Parties",
"title": "CWE-552"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference - cveprojectv5; nvd",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-857368.html"
}
],
"title": "Kwetsbaarheden verholpen in Siemens Omnivise",
"tracking": {
"current_release_date": "2024-08-06T09:29:53.292433Z",
"id": "NCSC-2024-0323",
"initial_release_date": "2024-08-06T09:29:53.292433Z",
"revision_history": [
{
"date": "2024-08-06T09:29:53.292433Z",
"number": "0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "omnivise_t3000_application_server",
"product": {
"name": "omnivise_t3000_application_server",
"product_id": "CSAFPID-1532010",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:omnivise_t3000_application_server:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "omnivise_t3000_application_server",
"product": {
"name": "omnivise_t3000_application_server",
"product_id": "CSAFPID-1533376",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:omnivise_t3000_application_server:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "omnivise_t3000_application_server",
"product": {
"name": "omnivise_t3000_application_server",
"product_id": "CSAFPID-1531991",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:omnivise_t3000_application_server:9.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "omnivise_t3000_application_server",
"product": {
"name": "omnivise_t3000_application_server",
"product_id": "CSAFPID-1531992",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:omnivise_t3000_application_server:9.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "omnivise_t3000_application_server",
"product": {
"name": "omnivise_t3000_application_server",
"product_id": "CSAFPID-1531993",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:omnivise_t3000_application_server:9.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "omnivise_t3000_application_server",
"product": {
"name": "omnivise_t3000_application_server",
"product_id": "CSAFPID-1533070",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:omnivise_t3000_application_server:r9.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "omnivise_t3000_domain_controller",
"product": {
"name": "omnivise_t3000_domain_controller",
"product_id": "CSAFPID-1532011",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:omnivise_t3000_domain_controller:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "omnivise_t3000_domain_controller",
"product": {
"name": "omnivise_t3000_domain_controller",
"product_id": "CSAFPID-1536176",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:omnivise_t3000_domain_controller:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "omnivise_t3000_domain_controller",
"product": {
"name": "omnivise_t3000_domain_controller",
"product_id": "CSAFPID-1531994",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:omnivise_t3000_domain_controller:9.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "omnivise_t3000_domain_controller",
"product": {
"name": "omnivise_t3000_domain_controller",
"product_id": "CSAFPID-1531995",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:omnivise_t3000_domain_controller:9.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "omnivise_t3000_domain_controller",
"product": {
"name": "omnivise_t3000_domain_controller",
"product_id": "CSAFPID-1531996",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:omnivise_t3000_domain_controller:9.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "omnivise_t3000_domain_controller",
"product": {
"name": "omnivise_t3000_domain_controller",
"product_id": "CSAFPID-1533071",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:omnivise_t3000_domain_controller:r9.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "omnivise_t3000_network_intrusion_detection_system__nids_",
"product": {
"name": "omnivise_t3000_network_intrusion_detection_system__nids_",
"product_id": "CSAFPID-1536177",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:omnivise_t3000_network_intrusion_detection_system__nids_:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "omnivise_t3000_network_intrusion_detection_system_nids_",
"product": {
"name": "omnivise_t3000_network_intrusion_detection_system_nids_",
"product_id": "CSAFPID-1532012",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:omnivise_t3000_network_intrusion_detection_system_nids_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "omnivise_t3000_product_data_management__pdm_",
"product": {
"name": "omnivise_t3000_product_data_management__pdm_",
"product_id": "CSAFPID-1536178",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:omnivise_t3000_product_data_management__pdm_:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "omnivise_t3000_product_data_management__pdm_",
"product": {
"name": "omnivise_t3000_product_data_management__pdm_",
"product_id": "CSAFPID-1533072",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:omnivise_t3000_product_data_management__pdm_:r9.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "omnivise_t3000_product_data_management_pdm_",
"product": {
"name": "omnivise_t3000_product_data_management_pdm_",
"product_id": "CSAFPID-1532013",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:omnivise_t3000_product_data_management_pdm_:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "omnivise_t3000_product_data_management_pdm_",
"product": {
"name": "omnivise_t3000_product_data_management_pdm_",
"product_id": "CSAFPID-1531997",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:omnivise_t3000_product_data_management_pdm_:9.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "omnivise_t3000_product_data_management_pdm_",
"product": {
"name": "omnivise_t3000_product_data_management_pdm_",
"product_id": "CSAFPID-1531998",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:omnivise_t3000_product_data_management_pdm_:9.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "omnivise_t3000_product_data_management_pdm_",
"product": {
"name": "omnivise_t3000_product_data_management_pdm_",
"product_id": "CSAFPID-1531999",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:omnivise_t3000_product_data_management_pdm_:9.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "omnivise_t3000_security_server",
"product": {
"name": "omnivise_t3000_security_server",
"product_id": "CSAFPID-1532014",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:omnivise_t3000_security_server:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "omnivise_t3000_security_server",
"product": {
"name": "omnivise_t3000_security_server",
"product_id": "CSAFPID-1536179",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:omnivise_t3000_security_server:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "omnivise_t3000_terminal_server",
"product": {
"name": "omnivise_t3000_terminal_server",
"product_id": "CSAFPID-1532015",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:omnivise_t3000_terminal_server:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "omnivise_t3000_terminal_server",
"product": {
"name": "omnivise_t3000_terminal_server",
"product_id": "CSAFPID-1536180",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:omnivise_t3000_terminal_server:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "omnivise_t3000_terminal_server",
"product": {
"name": "omnivise_t3000_terminal_server",
"product_id": "CSAFPID-1532000",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:omnivise_t3000_terminal_server:9.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "omnivise_t3000_terminal_server",
"product": {
"name": "omnivise_t3000_terminal_server",
"product_id": "CSAFPID-1532001",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:omnivise_t3000_terminal_server:9.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "omnivise_t3000_terminal_server",
"product": {
"name": "omnivise_t3000_terminal_server",
"product_id": "CSAFPID-1532002",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:omnivise_t3000_terminal_server:9.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "omnivise_t3000_terminal_server",
"product": {
"name": "omnivise_t3000_terminal_server",
"product_id": "CSAFPID-1533073",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:omnivise_t3000_terminal_server:r9.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "omnivise_t3000_thin_client",
"product": {
"name": "omnivise_t3000_thin_client",
"product_id": "CSAFPID-1532016",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:omnivise_t3000_thin_client:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "omnivise_t3000_thin_client",
"product": {
"name": "omnivise_t3000_thin_client",
"product_id": "CSAFPID-1536181",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:omnivise_t3000_thin_client:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "omnivise_t3000_thin_client",
"product": {
"name": "omnivise_t3000_thin_client",
"product_id": "CSAFPID-1532003",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:omnivise_t3000_thin_client:9.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "omnivise_t3000_thin_client",
"product": {
"name": "omnivise_t3000_thin_client",
"product_id": "CSAFPID-1532004",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:omnivise_t3000_thin_client:9.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "omnivise_t3000_thin_client",
"product": {
"name": "omnivise_t3000_thin_client",
"product_id": "CSAFPID-1532005",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:omnivise_t3000_thin_client:9.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "omnivise_t3000_thin_client",
"product": {
"name": "omnivise_t3000_thin_client",
"product_id": "CSAFPID-1533074",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:omnivise_t3000_thin_client:r9.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "omnivise_t3000_whitelisting_server",
"product": {
"name": "omnivise_t3000_whitelisting_server",
"product_id": "CSAFPID-1532017",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:omnivise_t3000_whitelisting_server:*:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "omnivise_t3000_whitelisting_server",
"product": {
"name": "omnivise_t3000_whitelisting_server",
"product_id": "CSAFPID-1536182",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:omnivise_t3000_whitelisting_server:0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "omnivise_t3000_whitelisting_server",
"product": {
"name": "omnivise_t3000_whitelisting_server",
"product_id": "CSAFPID-1532006",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:omnivise_t3000_whitelisting_server:9.0:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "omnivise_t3000_whitelisting_server",
"product": {
"name": "omnivise_t3000_whitelisting_server",
"product_id": "CSAFPID-1532007",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:omnivise_t3000_whitelisting_server:9.1:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "omnivise_t3000_whitelisting_server",
"product": {
"name": "omnivise_t3000_whitelisting_server",
"product_id": "CSAFPID-1532008",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:omnivise_t3000_whitelisting_server:9.2:*:*:*:*:*:*:*"
}
}
},
{
"category": "product_name",
"name": "omnivise_t3000_whitelisting_server",
"product": {
"name": "omnivise_t3000_whitelisting_server",
"product_id": "CSAFPID-1533075",
"product_identification_helper": {
"cpe": "cpe:2.3:a:siemens:omnivise_t3000_whitelisting_server:r9.2:*:*:*:*:*:*:*"
}
}
}
],
"category": "vendor",
"name": "siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-38876",
"cwe": {
"id": "CWE-552",
"name": "Files or Directories Accessible to External Parties"
},
"notes": [
{
"category": "other",
"text": "Files or Directories Accessible to External Parties",
"title": "CWE-552"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1533070",
"CSAFPID-1533071",
"CSAFPID-1533072",
"CSAFPID-1533073",
"CSAFPID-1533074",
"CSAFPID-1533075"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38876",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38876.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1533070",
"CSAFPID-1533071",
"CSAFPID-1533072",
"CSAFPID-1533073",
"CSAFPID-1533074",
"CSAFPID-1533075"
]
}
],
"title": "CVE-2024-38876"
},
{
"cve": "CVE-2024-38877",
"cwe": {
"id": "CWE-312",
"name": "Cleartext Storage of Sensitive Information"
},
"notes": [
{
"category": "other",
"text": "Cleartext Storage of Sensitive Information",
"title": "CWE-312"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1533376",
"CSAFPID-1536176",
"CSAFPID-1536177",
"CSAFPID-1536178",
"CSAFPID-1536179",
"CSAFPID-1536180",
"CSAFPID-1536181",
"CSAFPID-1536182"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38877",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38877.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1533376",
"CSAFPID-1536176",
"CSAFPID-1536177",
"CSAFPID-1536178",
"CSAFPID-1536179",
"CSAFPID-1536180",
"CSAFPID-1536181",
"CSAFPID-1536182"
]
}
],
"title": "CVE-2024-38877"
},
{
"cve": "CVE-2024-38878",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1533376"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38878",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38878.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1533376"
]
}
],
"title": "CVE-2024-38878"
},
{
"cve": "CVE-2024-38879",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"notes": [
{
"category": "other",
"text": "Improper Authentication",
"title": "CWE-287"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1533376"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-38879",
"url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-38879.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1533376"
]
}
],
"title": "CVE-2024-38879"
}
]
}
SSA-857368
Vulnerability from csaf_siemens - Published: 2024-08-02 00:00 - Updated: 2024-08-13 00:00| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Omnivise T3000 Application Server R9.2
Siemens / Omnivise T3000 Application Server R9.2
|
vers:all/* |
Vendor Fix
|
|
|
Omnivise T3000 Domain Controller R9.2
Siemens / Omnivise T3000 Domain Controller R9.2
|
vers:all/* |
Vendor Fix
|
|
|
Omnivise T3000 Product Data Management (PDM) R9.2
Siemens / Omnivise T3000 Product Data Management (PDM) R9.2
|
vers:all/* |
Vendor Fix
|
|
|
Omnivise T3000 R8.2 SP3
Siemens / Omnivise T3000 R8.2 SP3
|
vers:all/* |
No Fix Planned
|
|
|
Omnivise T3000 R8.2 SP4
Siemens / Omnivise T3000 R8.2 SP4
|
vers:all/* |
None Available
|
|
|
Omnivise T3000 Terminal Server R9.2
Siemens / Omnivise T3000 Terminal Server R9.2
|
vers:all/* |
Vendor Fix
|
|
|
Omnivise T3000 Thin Client R9.2
Siemens / Omnivise T3000 Thin Client R9.2
|
vers:all/* |
Vendor Fix
|
|
|
Omnivise T3000 Whitelisting Server R9.2
Siemens / Omnivise T3000 Whitelisting Server R9.2
|
vers:all/* |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Omnivise T3000 Application Server R9.2
Siemens / Omnivise T3000 Application Server R9.2
|
vers:all/* |
Mitigation
Vendor Fix
|
|
|
Omnivise T3000 Domain Controller R9.2
Siemens / Omnivise T3000 Domain Controller R9.2
|
vers:all/* |
Mitigation
Vendor Fix
|
|
|
Omnivise T3000 Network Intrusion Detection System (NIDS) R9.2
Siemens / Omnivise T3000 Network Intrusion Detection System (NIDS) R9.2
|
vers:all/* |
Mitigation
Vendor Fix
|
|
|
Omnivise T3000 Product Data Management (PDM) R9.2
Siemens / Omnivise T3000 Product Data Management (PDM) R9.2
|
vers:all/* |
Mitigation
Vendor Fix
|
|
|
Omnivise T3000 R8.2 SP3
Siemens / Omnivise T3000 R8.2 SP3
|
vers:all/* |
Mitigation
No Fix Planned
|
|
|
Omnivise T3000 R8.2 SP4
Siemens / Omnivise T3000 R8.2 SP4
|
vers:all/* |
Mitigation
None Available
|
|
|
Omnivise T3000 Security Server R9.2
Siemens / Omnivise T3000 Security Server R9.2
|
vers:all/* |
Mitigation
Vendor Fix
|
|
|
Omnivise T3000 Terminal Server R9.2
Siemens / Omnivise T3000 Terminal Server R9.2
|
vers:all/* |
Mitigation
Vendor Fix
|
|
|
Omnivise T3000 Thin Client R9.2
Siemens / Omnivise T3000 Thin Client R9.2
|
vers:all/* |
Mitigation
Vendor Fix
|
|
|
Omnivise T3000 Whitelisting Server R9.2
Siemens / Omnivise T3000 Whitelisting Server R9.2
|
vers:all/* |
Mitigation
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Omnivise T3000 Application Server R9.2
Siemens / Omnivise T3000 Application Server R9.2
|
vers:all/* |
Vendor Fix
|
|
|
Omnivise T3000 R8.2 SP3
Siemens / Omnivise T3000 R8.2 SP3
|
vers:all/* |
No Fix Planned
|
|
|
Omnivise T3000 R8.2 SP4
Siemens / Omnivise T3000 R8.2 SP4
|
vers:all/* |
None Available
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Omnivise T3000 Application Server R9.2
Siemens / Omnivise T3000 Application Server R9.2
|
vers:all/* |
Vendor Fix
|
|
|
Omnivise T3000 R8.2 SP3
Siemens / Omnivise T3000 R8.2 SP3
|
vers:all/* |
No Fix Planned
|
|
|
Omnivise T3000 R8.2 SP4
Siemens / Omnivise T3000 R8.2 SP4
|
vers:all/* |
None Available
|
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)",
"tlp": {
"label": "WHITE"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Omnivise T3000 contains multiple vulnerabilities that could allow an attacker to escalate privileges.\n\nSiemens Energy has released patches for several affected products and recommends to apply the patches. Siemens Energy is preparing further fixes for versions still under maintenance and recommends countermeasures for products where fixes are not, or not yet available.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure Siemens Energy strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "productcert@siemens.com",
"name": "Siemens ProductCERT",
"namespace": "https://www.siemens.com"
},
"references": [
{
"category": "self",
"summary": "SSA-857368: Multiple Vulnerabilities in Omnivise T3000 - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-857368.html"
},
{
"category": "self",
"summary": "SSA-857368: Multiple Vulnerabilities in Omnivise T3000 - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-857368.json"
}
],
"title": "SSA-857368: Multiple Vulnerabilities in Omnivise T3000",
"tracking": {
"current_release_date": "2024-08-13T00:00:00Z",
"generator": {
"engine": {
"name": "Siemens ProductCERT CSAF Generator",
"version": "1"
}
},
"id": "SSA-857368",
"initial_release_date": "2024-08-02T00:00:00Z",
"revision_history": [
{
"date": "2024-08-02T00:00:00Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2024-08-13T00:00:00Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Added additional affected Omnivise T3000 Releases R8.2 SP3 and SP4, corrected inconsistent information, added reference to SE Controls Security Announcement 2024-01"
}
],
"status": "interim",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Omnivise T3000 Application Server R9.2",
"product_id": "1"
}
}
],
"category": "product_name",
"name": "Omnivise T3000 Application Server R9.2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Omnivise T3000 Domain Controller R9.2",
"product_id": "2"
}
}
],
"category": "product_name",
"name": "Omnivise T3000 Domain Controller R9.2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Omnivise T3000 Network Intrusion Detection System (NIDS) R9.2",
"product_id": "3"
}
}
],
"category": "product_name",
"name": "Omnivise T3000 Network Intrusion Detection System (NIDS) R9.2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Omnivise T3000 Product Data Management (PDM) R9.2",
"product_id": "4"
}
}
],
"category": "product_name",
"name": "Omnivise T3000 Product Data Management (PDM) R9.2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Omnivise T3000 R8.2 SP3",
"product_id": "5"
}
}
],
"category": "product_name",
"name": "Omnivise T3000 R8.2 SP3"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Omnivise T3000 R8.2 SP4",
"product_id": "6"
}
}
],
"category": "product_name",
"name": "Omnivise T3000 R8.2 SP4"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Omnivise T3000 Security Server R9.2",
"product_id": "7"
}
}
],
"category": "product_name",
"name": "Omnivise T3000 Security Server R9.2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Omnivise T3000 Terminal Server R9.2",
"product_id": "8"
}
}
],
"category": "product_name",
"name": "Omnivise T3000 Terminal Server R9.2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Omnivise T3000 Thin Client R9.2",
"product_id": "9"
}
}
],
"category": "product_name",
"name": "Omnivise T3000 Thin Client R9.2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "Omnivise T3000 Whitelisting Server R9.2",
"product_id": "10"
}
}
],
"category": "product_name",
"name": "Omnivise T3000 Whitelisting Server R9.2"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-38876",
"cwe": {
"id": "CWE-552",
"name": "Files or Directories Accessible to External Parties"
},
"notes": [
{
"category": "summary",
"text": "The affected application regularly executes user modifiable code as a privileged user. This could allow a local authenticated attacker to execute arbitrary code with elevated privileges.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"4",
"5",
"6",
"8",
"9",
"10"
]
},
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"5"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"6"
]
},
{
"category": "vendor_fix",
"details": "Install System Software Patch 22.173.20 and System Software Patch 22.173.52; apply additional mitigations from Omnivise T3000 Technical News 2024-089",
"product_ids": [
"2",
"4",
"8",
"9",
"10"
]
},
{
"category": "vendor_fix",
"details": "Install System Software Patch 22.173.20 and System Software Patch 22.173.52 as well as Application Software Patch 09.0.19.06; apply additional mitigations from Omnivise T3000 Technical News 2024-089",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:T/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"4",
"5",
"6",
"8",
"9",
"10"
]
}
],
"title": "CVE-2024-38876"
},
{
"cve": "CVE-2024-38877",
"cwe": {
"id": "CWE-312",
"name": "Cleartext Storage of Sensitive Information"
},
"notes": [
{
"category": "summary",
"text": "The affected devices stores initial system credentials without sufficient protection. An attacker with remote shell access or physical access could retrieve the credentials leading to confidentiality loss allowing the attacker to laterally move within the affected network.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10"
]
},
"remediations": [
{
"category": "mitigation",
"details": "If the passwords are suspected to be compromised, change the Passwords for all computers and service accounts. In addition follow the instructions from Omnivise T3000 Technical News 2024-089 which is available through T3000 customer service and applies to releases (8.2 SP3/SP4 and 9.2).",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10"
]
},
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"5"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"6"
]
},
{
"category": "vendor_fix",
"details": "Install System Software Patch 22.173.20 and System Software Patch 22.173.52; apply additional mitigations from Omnivise T3000 Technical News 2024-089",
"product_ids": [
"2",
"4",
"8",
"9",
"10"
]
},
{
"category": "vendor_fix",
"details": "Apply mitigations from Omnivise T3000 Technical News 2024-089",
"product_ids": [
"3"
]
},
{
"category": "vendor_fix",
"details": "Install System Software Patch 22.173.52; apply additional mitigations from Omnivise T3000 Technical News 2024-089",
"product_ids": [
"7"
]
},
{
"category": "vendor_fix",
"details": "Install System Software Patch 22.173.20 and System Software Patch 22.173.52 as well as Application Software Patch 09.0.19.06; apply additional mitigations from Omnivise T3000 Technical News 2024-089",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10"
]
}
],
"title": "CVE-2024-38877"
},
{
"cve": "CVE-2024-38878",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "summary",
"text": "Affected devices allow authenticated users to export diagnostics data. The corresponding API endpoint is susceptible to path traversal and could allow an authenticated attacker to download arbitrary files from the file system.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"5",
"6"
]
},
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"5"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"6"
]
},
{
"category": "vendor_fix",
"details": "Install System Software Patch 22.173.20 and System Software Patch 22.173.52 as well as Application Software Patch 09.0.19.06; apply additional mitigations from Omnivise T3000 Technical News 2024-089",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"5",
"6"
]
}
],
"title": "CVE-2024-38878"
},
{
"cve": "CVE-2024-38879",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The affected system exposes the port of an internal application on the public network interface allowing an attacker to circumvent authentication and directly access the exposed application.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"5",
"6"
]
},
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"5"
]
},
{
"category": "none_available",
"details": "Currently no fix is available",
"product_ids": [
"6"
]
},
{
"category": "vendor_fix",
"details": "Install System Software Patch 22.173.20 and System Software Patch 22.173.52 as well as Application Software Patch 09.0.19.06; apply additional mitigations from Omnivise T3000 Technical News 2024-089",
"product_ids": [
"1"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"5",
"6"
]
}
],
"title": "CVE-2024-38879"
}
]
}
VAR-202408-0012
Vulnerability from variot - Updated: 2025-11-18 14:24A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions). Affected devices allow authenticated users to export diagnostics data. The corresponding API endpoint is susceptible to path traversal and could allow an authenticated attacker to download arbitrary files from the file system. Siemens' omnivise t3000 application server Exists in a past traversal vulnerability.Information may be obtained. Omnivise T3000 is a distributed control system used in fossil fuel and large renewable energy power plants
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202408-0012",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "omnivise t3000 application server",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "r9.2"
},
{
"model": "omnivise t3000 application server",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "omnivise t3000 application server",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": "r9.2"
},
{
"model": "omnivise t3000 application server",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "omnivise t3000 application server",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "omnivise t3000 domain controller",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "omnivise t3000 product data management",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "omnivise t3000 terminal server",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "omnivise t3000 thin client",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
},
{
"model": "omnivise t3000 whitelisting server",
"scope": null,
"trust": 0.6,
"vendor": "siemens",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-35108"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008314"
},
{
"db": "NVD",
"id": "CVE-2024-38878"
}
]
},
"cve": "CVE-2024-38878",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "MULTIPLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.4,
"id": "CNVD-2024-35108",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "productcert@siemens.com",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2024-38878",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2024-38878",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2024-38878",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "productcert@siemens.com",
"id": "CVE-2024-38878",
"trust": 1.0,
"value": "Medium"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2024-38878",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2024-38878",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2024-35108",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-35108"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008314"
},
{
"db": "NVD",
"id": "CVE-2024-38878"
},
{
"db": "NVD",
"id": "CVE-2024-38878"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions). Affected devices allow authenticated users to export diagnostics data. The corresponding API endpoint is susceptible to path traversal and could allow an authenticated attacker to download arbitrary files from the file system. Siemens\u0027 omnivise t3000 application server Exists in a past traversal vulnerability.Information may be obtained. Omnivise T3000 is a distributed control system used in fossil fuel and large renewable energy power plants",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-38878"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008314"
},
{
"db": "CNVD",
"id": "CNVD-2024-35108"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-38878",
"trust": 3.2
},
{
"db": "SIEMENS",
"id": "SSA-857368",
"trust": 2.4
},
{
"db": "JVN",
"id": "JVNVU99298639",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008314",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2024-35108",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-35108"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008314"
},
{
"db": "NVD",
"id": "CVE-2024-38878"
}
]
},
"id": "VAR-202408-0012",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-35108"
}
],
"trust": 1.38333332
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-35108"
}
]
},
"last_update_date": "2025-11-18T14:24:32.912000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Siemens Omnivise T3000 Application Server Path Traversal Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/576721"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-35108"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.0
},
{
"problemtype": "Path traversal (CWE-22) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-008314"
},
{
"db": "NVD",
"id": "CVE-2024-38878"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://cert-portal.siemens.com/productcert/html/ssa-857368.html"
},
{
"trust": 1.0,
"url": "http://seclists.org/fulldisclosure/2024/nov/5"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu99298639/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-38878"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-35108"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008314"
},
{
"db": "NVD",
"id": "CVE-2024-38878"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2024-35108"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-008314"
},
{
"db": "NVD",
"id": "CVE-2024-38878"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-08-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-35108"
},
{
"date": "2024-09-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-008314"
},
{
"date": "2024-08-02T11:16:42.260000",
"db": "NVD",
"id": "CVE-2024-38878"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-08-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-35108"
},
{
"date": "2024-09-18T07:03:00",
"db": "JVNDB",
"id": "JVNDB-2024-008314"
},
{
"date": "2025-11-03T22:17:03.280000",
"db": "NVD",
"id": "CVE-2024-38878"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens\u0027 \u00a0omnivise\u00a0t3000\u00a0application\u00a0server\u00a0 Past traversal vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-008314"
}
],
"trust": 0.8
}
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.