Lucene search
K

174 matches found

CVE
CVE
added 2022/01/11 11:27 a.m.81 views

CVE-2021-37197

Siemens COMOS Web component is affected by SQL injection (CVE-2021-37197). Affected: COMOS V10.2 (all versions when web components are used), V10.3 (all versions before 10.3.3.3 when web components are used), V10.4 (all versions before 10.4.1 when web components are used). Root cause: SQL injecti...

8.8CVSS8.8AI score0.00816EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/01/11 11:27 a.m.19 views

CVE-2021-37197

A vulnerability has been identified in COMOS V10.2 All versions only if web components are used, COMOS V10.3 All versions V10.3.3.3 only if web components are used, COMOS V10.4 All versions V10.4.1 only if web components are used. The COMOS Web component of COMOS is vulnerable to SQL injections...

9AI score0.00816EPSS
Exploits0References1
CVE
CVE
added 2022/01/11 11:27 a.m.84 views

CVE-2021-37195

CVE-2021-37195 affects Siemens COMOS Web component involving the loading of attachments in tasks. Affected: COMOS V10.2 (all versions when web components are used); V10.3 (all versions before 10.3.3.3, only if web components are used); V10.4 (all versions before 10.4.1, only if web components are...

6.1CVSS6.3AI score0.00509EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/01/11 11:27 a.m.80 views

CVE-2021-37196

Siemens COMOS Web component contains a path traversal vulnerability (CVE-2021-37196) affecting COMOS Web in V10.2 (all versions when web components are used), V10.3 (before 10.3.3.3; and all versions ≥ 10.3.3.3 if web components are used), and V10.4 (before 10.4.1 if web components are used). The...

6.5CVSS6.2AI score0.00782EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/01/11 11:27 a.m.21 views

CVE-2021-37195

A vulnerability has been identified in COMOS V10.2 All versions only if web components are used, COMOS V10.3 All versions V10.3.3.3 only if web components are used, COMOS V10.4 All versions V10.4.1 only if web components are used. The COMOS Web component of COMOS accepts arbitrary code as...

6.5AI score0.00509EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/01/11 11:27 a.m.30 views

CVE-2021-37196

A vulnerability has been identified in COMOS V10.2 All versions only if web components are used, COMOS V10.3 All versions = V10.3.3.3 only if web components are used, COMOS V10.4 All versions V10.4.1 only if web components are used. The COMOS Web component of COMOS unpacks specially crafted archi...

6.4AI score0.00782EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/01/11 12:0 a.m.5 views

Siemens Comos 跨站请求伪造漏洞

COMOS is a unified data platform for collaborative plant design, operations, and management that supports the collection, processing, preservation, and distribution of information throughout the plant lifecycle.A cross-site request forgery vulnerability exists in the Siemens COMOS Web component,...

8.8CVSS5.4AI score0.00361EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/01/11 12:0 a.m.2 views

Siemens Comos 路径遍历漏洞

COMOS is a unified data platform for collaborative plant design, operations, and management that supports the collection, processing, storage, and distribution of information throughout the plant lifecycle.A path traversal vulnerability exists in the Siemens COMOS Web component, which could be...

6.5CVSS5.6AI score0.00782EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/01/11 12:0 a.m.1 views

Siemens Comos SQL注入漏洞

COMOS is a unified data platform for collaborative plant design, operations and management that supports the collection, processing, storage and distribution of information throughout the plant lifecycle.A SQL injection vulnerability exists in the Siemens COMOS Web component, which can be exploit...

8.8CVSS6.2AI score0.00816EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/01/11 12:0 a.m.3 views

Siemens Comos 跨站脚本漏洞

COMOS is a unified data platform for collaborative plant design, operations, and management that supports the collection, processing, storage, and distribution of information throughout the plant lifecycle.A cross-site scripting vulnerability exists in the Siemens COMOS Web component that could b...

6.1CVSS5.3AI score0.00509EPSS
Exploits0References5
ICS
ICS
added 2022/01/11 12:0 a.m.63 views

Siemens COMOS Web (Update A)

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: COMOS Vulnerabilities: Basic XSS, Relative Path Traversal, SQL Injection, Cross-site Request Forgery 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update...

8.8CVSS8.8AI score0.00847EPSS
Exploits0References11
seebug.org
seebug.org
added 2015/10/10 12:0 a.m.17 views

Siemens COMOS 本地提权漏洞

No description provided by source...

7.1AI score
Exploits0
NVD
NVD
added 2013/12/10 4:55 p.m.18 views

CVE-2013-6840

Siemens COMOS before 9.2.0.8.1, 10.0 before 10.0.3.1.40, and 10.1 before 10.1.0.0.2 allows local users to gain database privileges via unspecified vectors...

6.9CVSS6.5AI score0.00309EPSS
Exploits0References3
Prion
Prion
added 2013/12/10 4:55 p.m.14 views

Design/Logic Flaw

Siemens COMOS before 9.2.0.8.1, 10.0 before 10.0.3.1.40, and 10.1 before 10.1.0.0.2 allows local users to gain database privileges via unspecified vectors...

6.9CVSS7AI score0.00309EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2013/12/10 3:0 p.m.23 views

CVE-2013-6840

Siemens COMOS before 9.2.0.8.1, 10.0 before 10.0.3.1.40, and 10.1 before 10.1.0.0.2 allows local users to gain database privileges via unspecified vectors...

6.5AI score0.00309EPSS
Exploits0References3
CVE
CVE
added 2013/12/10 3:0 p.m.55 views

CVE-2013-6840

Siemens COMOS contains a local privilege-escalation vulnerability (CVE-2013-6840) that could let authenticated local users gain database privileges. Affected products are COMOS versions prior to 9.2.0.8.1, 10.0 prior to 10.0.3.1.40, and 10.1 prior to 10.1.0.0.2. The vectors are unspecified in the...

6.9CVSS6.7AI score0.00309EPSS
Exploits0References3Affected Software1
ICS
ICS
added 2013/09/15 6:0 a.m.44 views

Siemens COMOS Privilege Escalation

OVERVIEW Siemens notified NCCIC/ICS-CERT of a privilege escalation vulnerability in the Siemens COMOS database application. An update has been produced by Siemens and is available to resolve the vulnerability. The client application used for accessing the database system might allow authenticated...

6.9CVSS6.3AI score0.00309EPSS
Exploits0References10
NVD
NVD
added 2013/08/09 7:55 p.m.18 views

CVE-2013-4943

The client application in Siemens COMOS before 9.1 Update 458, 9.2 before 9.2.0.6.37, and 10.0 before 10.0.3.0.19 allows local users to gain privileges and bypass intended database-operation restrictions by leveraging COMOS project access...

7.2CVSS6.6AI score0.00432EPSS
Exploits0References1
Prion
Prion
added 2013/08/09 7:55 p.m.18 views

Design/Logic Flaw

The client application in Siemens COMOS before 9.1 Update 458, 9.2 before 9.2.0.6.37, and 10.0 before 10.0.3.0.19 allows local users to gain privileges and bypass intended database-operation restrictions by leveraging COMOS project access...

7.2CVSS7AI score0.00432EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2013/08/09 7:0 p.m.52 views

CVE-2013-4943

Siemens COMOS contains a privilege-escalation vulnerability (CVE-2013-4943) in the client application that allows a local, authenticated user to bypass database-operation restrictions via COMOS project access. Affected products/versions: COMOS pre-9.1 (all), 9.1 Upd458, 9.2 before 9.2.0.6.37, and...

7.2CVSS6.8AI score0.00432EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder