Local Privilege Escalation Vulnerability in Medicalis Workflow Orchestrator
CVE-2024-37999

7.8HIGH

Key Information:

Vendor

Siemens
Status
Medicalis Workflow Orchestrator
Vendor
CVE Published:
8 July 2024

Badges

đź“° News Worthy

What is CVE-2024-37999?

A privilege escalation vulnerability exists in the Medicalis Workflow Orchestrator, which operates under a trusted account with elevated privileges and broad network access. This vulnerability allows authenticated local attackers to potentially escalate their privileges within the system, posing significant security risks. It is crucial for users of the Medicalis Workflow Orchestrator to review the implications of this vulnerability and implement mitigations as recommended by the vendor.

Affected Version(s)

Medicalis Workflow Orchestrator 0

News Articles

favicon imageprophaze.com

CVE-2024-37999 : SIEMENS MEDICALIS WORKFLOW ORCHESTRATOR IMPROPER OWNERSHIP MANAGEMENT - Cloud WAF

CVE-2024-37999 : A vulnerability has been identified in Medicalis Workflow Orchestrator (All versions). The affected application executes as a trusted account with high privileges and network access.

References

https://www.siemens-healthineers.com/en-us/support-docume...

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • đź“°

    First article discovered by prophaze.com

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2024-37999 : Local Privilege Escalation Vulnerability in Medicalis Workflow Orchestrator