Initial System Credentials at Risk of Confidentiality Loss Due to Lack of Protection
CVE-2024-38877

8.8HIGH

Key Information:

Vendor: Siemens
Status: Omnivise T3000 Application Server R9.2; Omnivise T3000 Domain Controller R9.2; Omnivise T3000 Network Intrusion Detection System (nids) R9.2; Omnivise T3000 Product Data Management (pdm) R9.2
Vendor: CVE Published:; 2 August 2024

Summary

A security vulnerability exists in the Omnivise T3000 product line that compromises the security of initial system credentials by storing them without adequate protection. This flaw permits an attacker, who gains remote shell or physical access, to retrieve sensitive credentials. The exposure of these credentials can lead to unauthorized lateral movement within the network, severely jeopardizing data confidentiality and overall system integrity. Organizations utilizing the affected Omnivise T3000 products are urged to assess their vulnerability and implement necessary security measures.

Affected Version(s)

Omnivise T3000 Application Server R9.2 0

Omnivise T3000 Domain Controller R9.2 0

Omnivise T3000 Network Intrusion Detection System (NIDS) R9.2 0

References

https://cert-portal.siemens.com/productcert/html/ssa-8573...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Aug 2, 2024