The vulnerabilities of the Generic Data Mapper, Engineering Adapter, and Engineering Interface modules of the software for designing, operating, and maintaining technological installations like COMOS, allow attackers to execute XXE attacks.

The vulnerability of the Generic Data Mapper, Engineering Adapter, and Engineering Interface modules of the COMOS software for designing, operating, and maintaining technological installations is related to a bug that restricts XML references to external objects. Exploiting this vulnerability cou...

PT-2024-33656 · Siemens · Comos

Name of the Vulnerable Software and Affected Versions: COMOS V10.3 versions prior to V10.3.3.5.8 COMOS V10.4.0 versions prior to V10.4.4.2 COMOS V10.4.1 versions prior to V10.4.4.2 COMOS V10.4.2 versions prior to V10.4.4.2 COMOS V10.4.3 versions prior to V10.4.3.0.47 COMOS V10.4.4 versions prior ...