cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-38876,https://securityvulnerability.io/vulnerability/CVE-2024-38876,Privileged Code Execution Vulnerability Affects Omnivise T3000 Products,"A vulnerability has been identified in various versions of Siemens Omnivise T3000 applications that permits the regular execution of user-modifiable code with privileged user access. This poses significant security risks, as it allows local authenticated attackers to leverage this flaw to execute arbitrary code with elevated privileges, potentially compromising the integrity and security of affected systems.",Siemens,"Omnivise T3000 Application Server R9.2,Omnivise T3000 Domain Controller R9.2,Omnivise T3000 Product Data Management (pdm) R9.2,Omnivise T3000 R8.2 Sp3,Omnivise T3000 R8.2 Sp4,Omnivise T3000 Terminal Server R9.2,Omnivise T3000 Thin Client R9.2,Omnivise T3000 Whitelisting Server R9.2",7.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2024-08-02T11:16:00.000Z,0
CVE-2024-38877,https://securityvulnerability.io/vulnerability/CVE-2024-38877,Initial System Credentials at Risk of Confidentiality Loss Due to Lack of Protection,"A security vulnerability exists in the Omnivise T3000 product line that compromises the security of initial system credentials by storing them without adequate protection. This flaw permits an attacker, who gains remote shell or physical access, to retrieve sensitive credentials. The exposure of these credentials can lead to unauthorized lateral movement within the network, severely jeopardizing data confidentiality and overall system integrity. Organizations utilizing the affected Omnivise T3000 products are urged to assess their vulnerability and implement necessary security measures.",Siemens,"Omnivise T3000 Application Server R9.2,Omnivise T3000 Domain Controller R9.2,Omnivise T3000 Network Intrusion Detection System (nids) R9.2,Omnivise T3000 Product Data Management (pdm) R9.2,Omnivise T3000 R8.2 Sp3,Omnivise T3000 R8.2 Sp4,Omnivise T3000 Security Server R9.2,Omnivise T3000 Terminal Server R9.2,Omnivise T3000 Thin Client R9.2,Omnivise T3000 Whitelisting Server R9.2",8.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2024-08-02T11:16:00.000Z,0
CVE-2024-38878,https://securityvulnerability.io/vulnerability/CVE-2024-38878,Omnivise T3000 Application Server Vulnerability Allow Arbitrary File Download,"A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions). Affected devices allow authenticated users to export diagnostics data. The corresponding API endpoint is susceptible to path traversal and could allow an authenticated attacker to download arbitrary files from the file system.",Siemens,"Omnivise T3000 Application Server R9.2,Omnivise T3000 R8.2 Sp3,Omnivise T3000 R8.2 Sp4",6.5,MEDIUM,0.0004900000058114529,false,,false,false,false,,false,false,2024-08-02T11:16:00.000Z,0
CVE-2024-38879,https://securityvulnerability.io/vulnerability/CVE-2024-38879,Public Exposure of Internal Application Port Could Lead to Authentication Bypass,"An identified vulnerability in the Omnivise T3000 Application Server series allows unauthorized access due to the exposure of internal application ports on public network interfaces. This vulnerability can enable attackers to bypass standard authentication measures and gain direct access to sensitive applications, potentially leading to serious security risks for affected systems. This issue is present across several versions of the Omnivise T3000, necessitating prompt attention from users to mitigate unauthorized access risks.",Siemens,"Omnivise T3000 Application Server R9.2,Omnivise T3000 R8.2 Sp3,Omnivise T3000 R8.2 Sp4",9.8,CRITICAL,0.0007600000244565308,false,,false,false,false,,false,false,2024-08-02T11:16:00.000Z,0