Multiple Vulnerabilities in Omnivise T3000

Act NowCVSS 8.2SSA-857368Aug 2, 2024

SiemensEnergy

Attack path

Attack VectorLocal

Auth RequiredHigh

ComplexityLow

User InteractionNone needed

Summary

Omnivise T3000 contains multiple vulnerabilities (CWE-552 file permissions, CWE-312 insecure data handling, CWE-22 path traversal, CWE-20 input validation) that could allow privilege escalation. Affected components include Application Server, Domain Controller, Terminal Server, Product Data Management, NIDS, Security Server, Whitelisting Server, and Thin Client in R8.2 SP3, R8.2 SP4, and R9.2 versions. Siemens Energy has released patches for some versions but end-of-life products R8.2 SP3 and R8.2 SP4 will not receive fixes.

What this means

What could happen

An attacker with administrative or high-privilege credentials could exploit multiple weaknesses in Omnivise T3000 components to escalate their access to full system control, potentially compromising energy management systems and operational visibility across power or utility networks.

Who's at risk

Energy utilities and industrial facilities running Omnivise T3000 in any configuration (Application Server, Domain Controller, Terminal Server, PDM, NIDS, Security Server, Whitelisting Server, or Thin Client) are affected. This impacts operators relying on Omnivise for process visualization, control, and security oversight across power generation, transmission, and distribution systems.

How it could be exploited

An attacker with high-privilege credentials (such as domain administrator or system administrator account) could leverage file permission weaknesses (CWE-552), insecure data handling (CWE-312), or path traversal issues (CWE-22) to execute arbitrary commands at system level. The vulnerability chain could allow lateral movement across Application Server, Domain Controller, and Terminal Server components, compromising the entire Omnivise infrastructure.

Prerequisites

High-privilege credentials (domain administrator or system administrator account)
Local or network access to Omnivise T3000 components
Access to affected system components: Application Server, Domain Controller, Terminal Server, PDM, NIDS, Security Server, or Whitelisting Server

High privilege required for exploitationNo patch available for R8.2 SP3 or R8.2 SP4 versionsLow EPSS score (8.9%, below 10% threshold)Multiple CWEs indicating systemic design issuesAffects central infrastructure (Domain Controller, Application Server)

Exploitability

Likely to be exploited — EPSS score 12.8%

Affected products (10)

7 with fix1 pending2 EOL

ProductAffected VersionsFix Status

Omnivise T3000 Network Intrusion Detection System (NIDS) R9.2All versionsSystem Software Patch 22.173.52

Omnivise T3000 Thin Client R9.2All versionsNo fix yet

Omnivise T3000 Application Server R9.2All versionsSystem Software Patch 22.173.20 and 22.173.52; Application Software Patch 09.0.19.06

Omnivise T3000 Domain Controller R9.2All versionsSystem Software Patch 22.173.20 and 22.173.52

Omnivise T3000 Product Data Management (PDM) R9.2All versionsSystem Software Patch 22.173.52

Omnivise T3000 R8.2 SP3All versionsNo fix (EOL)

Omnivise T3000 R8.2 SP4All versionsNo fix (EOL)

Omnivise T3000 Terminal Server R9.2All versionsSystem Software Patch 22.173.52

Remediation & Mitigation

0/5

Do now

0/1

WORKAROUNDApply mitigations from Omnivise T3000 Technical News 2024-089 for products without available patches (R8.2 SP3, R8.2 SP4 all components, and R9.2 Thin Client)

Schedule — requires maintenance window

0/3

Patching may require device reboot — plan for process interruption

Omnivise T3000 Network Intrusion Detection System (NIDS) R9.2

HOTFIXInstall System Software Patch 22.173.52 on all affected product versions (Application Server, Domain Controller, Terminal Server, Security Server, NIDS, Whitelisting Server, Thin Client, PDM)

All products

HOTFIXInstall System Software Patch 22.173.20 on affected Application Server and Domain Controller instances

HOTFIXInstall Application Software Patch 09.0.19.06 on affected instances where applicable

Mitigations - no patch available

0/1

The following products have reached End of Life with no planned fix: Omnivise T3000 R8.2 SP3, Omnivise T3000 R8.2 SP4. Apply the following compensating controls:

HARDENINGRestrict administrative and high-privilege account usage through role-based access control and privilege separation

CVEs (4)

CVE-2024-38876 CVE-2024-38877 CVE-2024-38878 CVE-2024-38879

View full Siemens ProductCERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/1cd79b61-1eeb-43b5-9555-52714262bf2c

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.