Severity
High
Analysis Summary
CVE-2024-38879 CVSS:7.5
Siemens Omnivise T3000 Application Server could allow a remote attacker to obtain sensitive information, caused by improper input validation. By sending a specially crafted request, a remote attacker could exploit this vulnerability to circumvent authentication and directly access the exposed application.
CVE-2024-38878 CVSS:7.2
Siemens Omnivise T3000 Application Server could allow a remote authenticated attacker to traverse directories on the system, caused by a flaw in the corresponding API endpoint. An attacker could send a specially crafted request to download arbitrary files from the file system.
CVE-2024-38876 CVSS:7.8
Siemens Omnivise T3000 Application Server could allow a local authenticated attacker to execute arbitrary code on the system, caused by files or directories being accessible to external parties. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code with elevated privileges.
Impact
- Information Disclosure
- Gain Access
- Privilege Escalation
Indicators of Compromise
CVE
- CVE-2024-38879
- CVE-2024-38878
- CVE-2024-38876
Affected Vendors
- Siemens
Affected Products
- Siemens Omnivise T3000 Application Server - 0
- Siemens Omnivise T3000 Domain Controller - R9.2
- Siemens Omnivise T3000 Product Data Management (PDM) - R9.2
- Siemens Omnivise T3000 Thin Client - R9.2
- Siemens Omnivise T3000 Whitelisting Server - R9.2
Remediation
Refer to the Siemens Energy Security Advisory for patch, upgrade, or suggested workaround information.