Lucene search

CVE-2021-37195

🗓️ 11 Jan 2022 12:09:15Reported by siemensType

Vulnerability in COMOS web component allows code injectio

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 5
Cvelist	CVE-2021-37195	11 Jan 202211:27	–	cvelist
CNVD	Siemens COMOS Web Component Cross-Site Scripting Vulnerability	12 Jan 202200:00	–	cnvd
Prion	Code injection	11 Jan 202212:15	–	prion
NVD	CVE-2021-37195	11 Jan 202212:15	–	nvd
ICS	Siemens COMOS Web (Update A)	11 Jan 202200:00	–	ics

Nvd

Node

siemens comosRange≤10.2

siemens comosRange10.3–10.3.3.2.14

siemens comosMatch4.1

[
  {
    "product": "COMOS V10.2",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions only if web components are used"
      }
    ]
  },
  {
    "product": "COMOS V10.3",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V10.3.3.3 only if web components are used"
      }
    ]
  },
  {
    "product": "COMOS V10.4",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V10.4.1 only if web components are used"
      }
    ]
  }
]

Source	Link
cert-portal	www.cert-portal.siemens.com/productcert/pdf/ssa-995338.pdf

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

11 Jan 2022 12:15Current

6.3Medium risk

Vulners AI Score6.3

CVSS22.6

CVSS36.1

EPSS0.00616