Initial System Credentials at Risk of Confidentiality Loss Due to Lack of Protection
CVE-2024-38877

8.3HIGH

Key Information:

Vendor

Siemens
Status
Omnivise T3000 Application Server R9.2
Omnivise T3000 Domain Controller R9.2
Omnivise T3000 Network Intrusion Detection System (nids) R9.2
Omnivise T3000 Product Data Management (pdm) R9.2
Vendor
CVE Published:
2 August 2024

What is CVE-2024-38877?

A security vulnerability exists in the Omnivise T3000 product line that compromises the security of initial system credentials by storing them without adequate protection. This flaw permits an attacker, who gains remote shell or physical access, to retrieve sensitive credentials. The exposure of these credentials can lead to unauthorized lateral movement within the network, severely jeopardizing data confidentiality and overall system integrity. Organizations utilizing the affected Omnivise T3000 products are urged to assess their vulnerability and implement necessary security measures.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Omnivise T3000 Application Server R9.2 0

Omnivise T3000 Domain Controller R9.2 0

Omnivise T3000 Network Intrusion Detection System (NIDS) R9.2 0

References

https://cert-portal.siemens.com/productcert/html/ssa-8573...

CVSS V4

Score:
8.3
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

JSON
.