Local Privilege Escalation Vulnerability in Medicalis Workflow Orchestrator
CVE-2024-37999

7.8HIGH

Key Information:

Vendor: Siemens
Status: Medicalis Workflow Orchestrator
Vendor: CVE Published:; 8 July 2024

Badges

📰 News Worthy

What is CVE-2024-37999?

A privilege escalation vulnerability exists in the Medicalis Workflow Orchestrator, which operates under a trusted account with elevated privileges and broad network access. This vulnerability allows authenticated local attackers to potentially escalate their privileges within the system, posing significant security risks. It is crucial for users of the Medicalis Workflow Orchestrator to review the implications of this vulnerability and implement mitigations as recommended by the vendor.

Affected Version(s)

Medicalis Workflow Orchestrator 0

News Articles

prophaze.com

CVE-2024-37999

CVE-2024-37999 : SIEMENS MEDICALIS WORKFLOW ORCHESTRATOR IMPROPER OWNERSHIP MANAGEMENT - Cloud WAF

CVE-2024-37999 : A vulnerability has been identified in Medicalis Workflow Orchestrator (All versions). The affected application executes as a trusted account with high privileges and network access.

References

https://www.siemens-healthineers.com/en-us/support-docume...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

📰
First article discovered by prophaze.com
Jul 9, 2024
Vulnerability published
Jul 8, 2024
Vulnerability Reserved
Jun 11, 2024

Siemens

Badges

What is CVE-2024-37999?

Affected Version(s)

News Articles

CVE-2024-37999 : SIEMENS MEDICALIS WORKFLOW ORCHESTRATOR IMPROPER OWNERSHIP MANAGEMENT - Cloud WAF

References

CVSS V3.1

Timeline