174 matches found
CVE-2021-37197
Siemens COMOS Web component is affected by SQL injection (CVE-2021-37197). Affected: COMOS V10.2 (all versions when web components are used), V10.3 (all versions before 10.3.3.3 when web components are used), V10.4 (all versions before 10.4.1 when web components are used). Root cause: SQL injecti...
CVE-2021-37197
A vulnerability has been identified in COMOS V10.2 All versions only if web components are used, COMOS V10.3 All versions V10.3.3.3 only if web components are used, COMOS V10.4 All versions V10.4.1 only if web components are used. The COMOS Web component of COMOS is vulnerable to SQL injections...
CVE-2021-37195
CVE-2021-37195 affects Siemens COMOS Web component involving the loading of attachments in tasks. Affected: COMOS V10.2 (all versions when web components are used); V10.3 (all versions before 10.3.3.3, only if web components are used); V10.4 (all versions before 10.4.1, only if web components are...
CVE-2021-37196
Siemens COMOS Web component contains a path traversal vulnerability (CVE-2021-37196) affecting COMOS Web in V10.2 (all versions when web components are used), V10.3 (before 10.3.3.3; and all versions ≥ 10.3.3.3 if web components are used), and V10.4 (before 10.4.1 if web components are used). The...
CVE-2021-37195
A vulnerability has been identified in COMOS V10.2 All versions only if web components are used, COMOS V10.3 All versions V10.3.3.3 only if web components are used, COMOS V10.4 All versions V10.4.1 only if web components are used. The COMOS Web component of COMOS accepts arbitrary code as...
CVE-2021-37196
A vulnerability has been identified in COMOS V10.2 All versions only if web components are used, COMOS V10.3 All versions = V10.3.3.3 only if web components are used, COMOS V10.4 All versions V10.4.1 only if web components are used. The COMOS Web component of COMOS unpacks specially crafted archi...
Siemens Comos 跨站请求伪造漏洞
COMOS is a unified data platform for collaborative plant design, operations, and management that supports the collection, processing, preservation, and distribution of information throughout the plant lifecycle.A cross-site request forgery vulnerability exists in the Siemens COMOS Web component,...
Siemens Comos 路径遍历漏洞
COMOS is a unified data platform for collaborative plant design, operations, and management that supports the collection, processing, storage, and distribution of information throughout the plant lifecycle.A path traversal vulnerability exists in the Siemens COMOS Web component, which could be...
Siemens Comos SQL注入漏洞
COMOS is a unified data platform for collaborative plant design, operations and management that supports the collection, processing, storage and distribution of information throughout the plant lifecycle.A SQL injection vulnerability exists in the Siemens COMOS Web component, which can be exploit...
Siemens Comos 跨站脚本漏洞
COMOS is a unified data platform for collaborative plant design, operations, and management that supports the collection, processing, storage, and distribution of information throughout the plant lifecycle.A cross-site scripting vulnerability exists in the Siemens COMOS Web component that could b...
Siemens COMOS Web (Update A)
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: COMOS Vulnerabilities: Basic XSS, Relative Path Traversal, SQL Injection, Cross-site Request Forgery 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update...
Siemens COMOS 本地提权漏洞
No description provided by source...
CVE-2013-6840
Siemens COMOS before 9.2.0.8.1, 10.0 before 10.0.3.1.40, and 10.1 before 10.1.0.0.2 allows local users to gain database privileges via unspecified vectors...
Design/Logic Flaw
Siemens COMOS before 9.2.0.8.1, 10.0 before 10.0.3.1.40, and 10.1 before 10.1.0.0.2 allows local users to gain database privileges via unspecified vectors...
CVE-2013-6840
Siemens COMOS before 9.2.0.8.1, 10.0 before 10.0.3.1.40, and 10.1 before 10.1.0.0.2 allows local users to gain database privileges via unspecified vectors...
CVE-2013-6840
Siemens COMOS contains a local privilege-escalation vulnerability (CVE-2013-6840) that could let authenticated local users gain database privileges. Affected products are COMOS versions prior to 9.2.0.8.1, 10.0 prior to 10.0.3.1.40, and 10.1 prior to 10.1.0.0.2. The vectors are unspecified in the...
Siemens COMOS Privilege Escalation
OVERVIEW Siemens notified NCCIC/ICS-CERT of a privilege escalation vulnerability in the Siemens COMOS database application. An update has been produced by Siemens and is available to resolve the vulnerability. The client application used for accessing the database system might allow authenticated...
CVE-2013-4943
The client application in Siemens COMOS before 9.1 Update 458, 9.2 before 9.2.0.6.37, and 10.0 before 10.0.3.0.19 allows local users to gain privileges and bypass intended database-operation restrictions by leveraging COMOS project access...
Design/Logic Flaw
The client application in Siemens COMOS before 9.1 Update 458, 9.2 before 9.2.0.6.37, and 10.0 before 10.0.3.0.19 allows local users to gain privileges and bypass intended database-operation restrictions by leveraging COMOS project access...
CVE-2013-4943
Siemens COMOS contains a privilege-escalation vulnerability (CVE-2013-4943) in the client application that allows a local, authenticated user to bypass database-operation restrictions via COMOS project access. Affected products/versions: COMOS pre-9.1 (all), 9.1 Upd458, 9.2 before 9.2.0.6.37, and...