
174 matches found

RedhatCVE
added 2025/05/22 8:53 p.m. · 2 views

CVE-2021-37197

A vulnerability has been identified in COMOS V10.2 All versions only if web components are used, COMOS V10.3 All versions V10.3.3.3 only if web components are used, COMOS V10.4 All versions V10.4.1 only if web components are used. The COMOS Web component of COMOS is vulnerable to SQL injections...

CVSS 8.8 · AI score 7.4 · EPSS 0.00816
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/22 8:50 p.m. · 4 views

CVE-2021-37194

A vulnerability has been identified in COMOS V10.2 All versions only if web components are used, COMOS V10.3 All versions V10.3.3.3 only if web components are used, COMOS V10.4 All versions V10.4.1 only if web components are used. The COMOS Web component of COMOS allows to upload and store...

CVSS 7.5 · AI score 7 · EPSS 0.00834
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/22 6:43 p.m. · 7 views

CVE-2021-37198

A vulnerability has been identified in COMOS V10.2 All versions only if web components are used, COMOS V10.3 All versions V10.3.3.3 only if web components are used, COMOS V10.4 All versions V10.4.1 only if web components are used. The COMOS Web component of COMOS uses a flawed implementation of...

CVSS 8.8 · AI score 8.4 · EPSS 0.00361
Exploits: 0
RedhatCVE
added 2025/05/22 6:40 p.m. · 8 views

CVE-2021-37196

A vulnerability has been identified in COMOS V10.2 All versions only if web components are used, COMOS V10.3 All versions = V10.3.3.3 only if web components are used, COMOS V10.4 All versions V10.4.1 only if web components are used. The COMOS Web component of COMOS unpacks specially crafted archi...

CVSS 6.5 · AI score 8.4 · EPSS 0.00782
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/22 6:40 p.m. · 8 views

CVE-2021-37195

A vulnerability has been identified in COMOS V10.2 All versions only if web components are used, COMOS V10.3 All versions V10.3.3.3 only if web components are used, COMOS V10.4 All versions V10.4.1 only if web components are used. The COMOS Web component of COMOS accepts arbitrary code as...

CVSS 6.1 · AI score 8.6 · EPSS 0.00509
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/22 5:37 a.m. · 6 views

CVE-2013-3927

Unspecified vulnerability in the client library in Siemens COMOS 9.2 before 9.2.0.6.10 and 10.0 before 10.0.3.0.4 allows local users to obtain unintended write access to the database by leveraging read access...

CVSS 4.6 · AI score 6.8 · EPSS 0.00362
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/22 3:30 a.m. · 4 views

CVE-2012-3009

Siemens COMOS before 9.1 Patch 413, 9.2 before Update 03 Patch 023, and 10.0 before Patch 005 allows remote authenticated users to obtain database administrative access via unspecified method calls...

CVSS 8.5 · AI score 6.6 · EPSS 0.02149
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/22 2:43 a.m. · 6 views

CVE-2013-4943

The client application in Siemens COMOS before 9.1 Update 458, 9.2 before 9.2.0.6.37, and 10.0 before 10.0.3.0.19 allows local users to gain privileges and bypass intended database-operation restrictions by leveraging COMOS project access...

CVSS 7.2 · AI score 7 · EPSS 0.00432
Exploits: 0 · References: 1
BDU FSTEC
added 2025/02/14 12:0 a.m. · 10 views

The vulnerabilities of the Generic Data Mapper, Engineering Adapter, and Engineering Interface modules of the software for designing, operating, and maintaining technological installations like COMOS, allow attackers to execute XXE attacks.

The vulnerability of the Generic Data Mapper, Engineering Adapter, and Engineering Interface modules of the COMOS software for designing, operating, and maintaining technological installations is related to a bug that restricts XML references to external objects. Exploiting this vulnerability cou...

CVSS 5.5 · AI score 5.6 · EPSS 0.00182
Exploits: 0 · References: 2 · Affected Software: 1
CNVD
added 2024/12/12 12:0 a.m. · 7 views

Siemens COMOS XXE Injection Vulnerability

COMOS is a unified data platform for collaborative plant design, operations and management that supports the collection, processing, preservation and distribution of information throughout the plant lifecycle. Siemens COMOS suffers from an XXE injection vulnerability that can be exploited by an...

CVSS 5.7 · AI score 6.8 · EPSS 0.00182
Exploits: 0 · References: 1
CNVD
added 2024/12/11 12:0 a.m. · 7 views

Siemens COMOS XXE Injection Vulnerability (CNVD-2024-47911)

COMOS is a unified data platform for collaborative plant design, operations and management that supports the collection, processing, preservation and distribution of information throughout the plant lifecycle. Siemens COMOS suffers from an XXE injection vulnerability that can be exploited by an...

CVSS 5.9 · AI score 6.8 · EPSS 0.00155
Exploits: 0 · References: 1
NVD
added 2024/12/10 2:30 p.m. · 17 views

CVE-2024-54005

A vulnerability has been identified in COMOS V10.3 All versions V10.3.3.5.8, COMOS V10.4.0 All versions, COMOS V10.4.1 All versions, COMOS V10.4.2 All versions, COMOS V10.4.3 All versions V10.4.3.0.47, COMOS V10.4.4 All versions V10.4.4.2, COMOS V10.4.4.1 All versions V10.4.4.1.21. The PDMS/E3D...

CVSS 5.9 · EPSS 0.00155
Exploits: 0 · References: 1
NVD
added 2024/12/10 2:30 p.m. · 17 views

CVE-2024-49704

A vulnerability has been identified in COMOS V10.3 All versions V10.3.3.5.8, COMOS V10.4.0 All versions, COMOS V10.4.1 All versions, COMOS V10.4.2 All versions, COMOS V10.4.3 All versions V10.4.3.0.47, COMOS V10.4.4 All versions V10.4.4.2, COMOS V10.4.4.1 All versions V10.4.4.1.21. The Generic Da...

CVSS 5.7 · EPSS 0.00182
Exploits: 0 · References: 1
Vulnrichment
added 2024/12/10 1:54 p.m. · 12 views

CVE-2024-54005

A vulnerability has been identified in COMOS V10.3 All versions V10.3.3.5.8, COMOS V10.4.0 All versions, COMOS V10.4.1 All versions, COMOS V10.4.2 All versions, COMOS V10.4.3 All versions V10.4.3.0.47, COMOS V10.4.4 All versions V10.4.4.2, COMOS V10.4.4.1 All versions V10.4.4.1.21. The PDMS/E3D...

CVSS 5.9 · AI score 6.7 · EPSS 0.00155
Exploits: 0 · References: 1
Cvelist
added 2024/12/10 1:54 p.m. · 27 views

CVE-2024-54005

A vulnerability has been identified in COMOS V10.3 All versions V10.3.3.5.8, COMOS V10.4.0 All versions, COMOS V10.4.1 All versions, COMOS V10.4.2 All versions, COMOS V10.4.3 All versions V10.4.3.0.47, COMOS V10.4.4 All versions V10.4.4.2, COMOS V10.4.4.1 All versions V10.4.4.1.21. The PDMS/E3D...

CVSS 5.9 · EPSS 0.00155
Exploits: 0 · References: 1
CVE
added 2024/12/10 1:54 p.m. · 47 views

CVE-2024-54005

CVE-2024-54005 describes an XXE handling flaw in the PDMS/E3D Engineering Interface within Siemens COMOS. Affected software ranges include: COMOS V10.3: all versions before V10.3.3.5.8 COMOS V10.4.x: all versions except specific fixed updates listed below V10.4.0, V10.4.1, V10.4.2: all versions a...

CVSS 5.9 · AI score 6.7 · EPSS 0.00155
Exploits: 0 · References: 1
CVE
added 2024/12/10 1:53 p.m. · 49 views

CVE-2024-49704

CVE-2024-49704 affects Siemens COMOS components (Generic Data Mapper, Engineering Adapter, Engineering Interface) across V10.3/V10.4.x ranges. The flaw is improper handling of XML External Entity (XXE) entries when parsing configuration/mapping files, enabling an attacker to extract files at know...

CVSS 5.7 · AI score 6.7 · EPSS 0.00182
Exploits: 0 · References: 1
Vulnrichment
added 2024/12/10 1:53 p.m. · 17 views

CVE-2024-49704

A vulnerability has been identified in COMOS V10.3 All versions V10.3.3.5.8, COMOS V10.4.0 All versions, COMOS V10.4.1 All versions, COMOS V10.4.2 All versions, COMOS V10.4.3 All versions V10.4.3.0.47, COMOS V10.4.4 All versions V10.4.4.2, COMOS V10.4.4.1 All versions V10.4.4.1.21. The Generic Da...

CVSS 5.7 · AI score 6.9 · EPSS 0.00182
Exploits: 0 · References: 1
Cvelist
added 2024/12/10 1:53 p.m. · 18 views

CVE-2024-49704

A vulnerability has been identified in COMOS V10.3 All versions V10.3.3.5.8, COMOS V10.4.0 All versions, COMOS V10.4.1 All versions, COMOS V10.4.2 All versions, COMOS V10.4.3 All versions V10.4.3.0.47, COMOS V10.4.4 All versions V10.4.4.2, COMOS V10.4.4.1 All versions V10.4.4.1.21. The Generic Da...

CVSS 5.7 · EPSS 0.00182
Exploits: 0 · References: 1
Positive Technologies
added 2024/12/10 12:0 a.m. · 3 views

PT-2024-36012 · Siemens · Comos

Name of the Vulnerable Software and Affected Versions: COMOS V10.3 versions prior to V10.3.3.5.8 COMOS V10.4.0 versions prior to V10.4.0 COMOS V10.4.1 versions prior to V10.4.1 COMOS V10.4.2 versions prior to V10.4.2 COMOS V10.4.3 versions prior to V10.4.3.0.47 COMOS V10.4.4 versions prior to...

CVSS 5.9 · AI score 6.8 · EPSS 0.00155
Exploits: 0 · References: 5