CVE-2024-38878
HIGH
Omnivise T3000 Application Server R9.2/R8.2 SP3/SP4 - Authenticated Path Traversal
Title source: llm
Description
A vulnerability has been identified in Omnivise T3000 Application Server R9.2 (All versions), Omnivise T3000 R8.2 SP3 (All versions), Omnivise T3000 R8.2 SP4 (All versions). Affected devices allow authenticated users to export diagnostics data. The corresponding API endpoint is susceptible to path traversal and could allow an authenticated attacker to download arbitrary files from the file system.
References (2)
Core References
Mitigation, Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-857368.html
Mailing List
http://seclists.org/fulldisclosure/2024/Nov/5
Scores
CVSS v3: 7.2
EPSS: 0.1277
EPSS Percentile: 94.1%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-22
Status: published
Products (1)
siemens/omnivise_t3000_application_server
r9.2
Published: Aug 02, 2024
Tracked Since: Feb 18, 2026