CVE-2024-38876

Description

A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 Domain Controller R9.2 (All versions), Omnivise T3000 Product Data Management (PDM) R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions), Omnivise T3000 Terminal Server R9.2 (All versions), Omnivise T3000 Thin Client R9.2 (All versions), Omnivise T3000 Whitelisting Server R9.2 (All versions). The affected application regularly executes user modifiable code as a privileged user. This could allow a local authenticated attacker to execute arbitrary code with elevated privileges.

References

Link	Tags
https://cert-portal.siemens.com/productcert/html/ssa-857368.html	mitigation vendor advisory

Frequently Asked Questions

What is the severity of CVE-2024-38876?: CVE-2024-38876 has been scored as a high severity vulnerability.
How to fix CVE-2024-38876?: To fix CVE-2024-38876, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2024-38876 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2024-38876 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-38876?: CVE-2024-38876 affects Siemens Omnivise T3000 Application Server R9.2, Siemens Omnivise T3000 Domain Controller R9.2, Siemens Omnivise T3000 Product Data Management (PDM) R9.2, Siemens Omnivise T3000 R8.2 SP3, Siemens Omnivise T3000 R8.2 SP4, Siemens Omnivise T3000 Terminal Server R9.2, Siemens Omnivise T3000 Thin Client R9.2, Siemens Omnivise T3000 Whitelisting Server R9.2.

Description

Category

CWE-552 – Files or Directories Accessible to External Parties

References

Frequently Asked Questions