31 matches found
CVE-2021-44228
CVE-2021-44228 (Log4Shell) affects Apache Log4j2 2.0-beta9 through 2.15.0 (excluding some security releases) and is specific to log4j-core. The vulnerability arises from JNDI features used in configuration, log messages, and parameters, which can be exploited when an attacker can control log mess...
CVE-2021-45046
Technical details for CVE-2021-45046 are not publicly provided in the supplied documents. Monitor for updates from official advisories; sources here reference fixes for other Log4j CVEs but do not specify 45046 specifics.
CVE-2021-25178
Open Design Alliance Drawings SDK (pre-2021.12) contains a stack-based buffer overflow when parsing DXF/DWG files, CVE-2021-25178. This vulnerability could allow code execution or crash/DoS in affected deployments. Connected advisories (ICS/CISA) specify the affected Drawings SDK versions and ide...
CVE-2021-37194
CVE-2021-37194 affects Siemens COMOS, specifically the COMOS Web component. The vulnerability arises from an unrestricted upload mechanism that allows uploading and storing arbitrary files on the web server, enabling attackers to place malicious files. Affected are COMOS Web-enabled deployments: ...
CVE-2021-37198
Siemens COMOS Web Component CSRF vulnerability (CVE-2021-37198) affects COMOS Web when web components are used: v10.2 all versions; v10.3 all versions before 10.3.3.3; v10.4 all versions before 10.4.1. The issue stems from a flawed CSRF prevention implementation, enabling cross-site request forge...
CVE-2021-25173
CVE-2021-25173 affects the Open Design Alliance Drawings SDK prior to 2021.12. The vulnerability is a memory allocation with excessive size when parsing malformed DGN files, which can cause a crash and potentially enable denial of service. Multiple connected advisories confirm the impact and prov...
CVE-2021-25177
Open Design Alliance Drawings SDK before 2021.11 contains a Type Confusion vulnerability when rendering malformed DXF/DWG files, leading to crashes or denial-of-service conditions. Public sources (including ICSA-21-047-01 and NVD/NV D equivalents) corroborate the issue and map this CVE to a type-...
CVE-2021-25174
CVE-2021-25174 affects the Open Design Alliance Drawings SDK prior to 2021.12. A memory corruption vulnerability occurs when parsing malformed DGN files, potentially causing a crash or denial of service. The issue is mitigated by upgrading to Drawings SDK 2021.12 or later (as per Siemens/Open Des...
CVE-2021-25176
CVE-2021-25176 affects the Open Design Alliance Drawings SDK. It is a NULL pointer/untrusted pointer dereference when parsing malformed DXF/DWG files, leading to crashes and potential denial-of-service (with some sources indicating possible code execution). Affected versions are prior to 2021.11/...
CVE-2021-25175
CVE-2021-25175 affects the Open Design Alliance Drawings SDK prior to 2021.11. It is a UNTRUSTED POINTER DEREFERENCE vulnerability that occurs while parsing DXF/DWG files, potentially allowing remote code execution in the context of the affected process. Public advisories (ZDI) describe remote co...
CVE-2021-37195
CVE-2021-37195 affects Siemens COMOS Web component involving the loading of attachments in tasks. Affected: COMOS V10.2 (all versions when web components are used); V10.3 (all versions before 10.3.3.3, only if web components are used); V10.4 (all versions before 10.4.1, only if web components are...
CVE-2021-37197
Siemens COMOS Web component is affected by SQL injection (CVE-2021-37197). Affected: COMOS V10.2 (all versions when web components are used), V10.3 (all versions before 10.3.3.3 when web components are used), V10.4 (all versions before 10.4.1 when web components are used). Root cause: SQL injecti...
CVE-2021-32948
CVE-2021-32948 describes an out-of-bounds write in the DWG file-reading procedure of the Open Design Alliance Drawings SDK (prior to 2022.4), caused by insufficient validation of user-supplied data. This can write past the end of an allocated buffer and may lead to denial of service or code execu...
CVE-2021-37196
Siemens COMOS Web component contains a path traversal vulnerability (CVE-2021-37196) affecting COMOS Web in V10.2 (all versions when web components are used), V10.3 (before 10.3.3.3; and all versions ≥ 10.3.3.3 if web components are used), and V10.4 (before 10.4.1 if web components are used). The...
CVE-2021-32936
CVE-2021-32936 is an out-of-bounds write in the Open Design Alliance Drawings SDK (prior to 2022.4) during parsing of DXF files, caused by insufficient validation of user-supplied data. This can write past the end of an allocated buffer, enabling denial-of-service or arbitrary code execution in t...
CVE-2021-32944
Summary: CVE-2021-32944 is a use-after-free vulnerability in the Open Design Alliance Drawings SDK (DGN file-reading path) affecting all versions prior to 2022.4, caused by insufficient validation of user-supplied data, leading to memory corruption and potential code execution or DoS. The issue i...
CVE-2021-32950
CVE-2021-32950 concerns the Open Design Alliance Drawings SDK DXF parsing. The issue is an out-of-bounds read when processing DXF files in all versions before 2022.4, caused by insufficient validation of untrusted input. This can lead to reading beyond an allocated buffer and may enable denial-of...
CVE-2021-31784
CVE-2021-31784 describes an out-of-bounds write in Open Design Alliance Drawings SDK prior to 2021.6 during file parsing (DXF/DGN). The issue can crash the process or enable code execution in the context of the current process, with some sources noting potential remote code execution when process...
CVE-2021-32938
CVE-2021-32938 affects the Open Design Alliance Drawings SDK (prior to 2022.4). The vulnerability is an out-of-bounds read when parsing DWG files, caused by insufficient validation of user-supplied data. This can lead to reading past the end of an allocated buffer and may enable denial-of-service...
CVE-2021-32940
CVE-2021-32940 is an out-of-bounds read in the Open Design Alliance Drawings SDK DWG file-recovering procedure, affecting all versions prior to 2022.5. The issue stems from improper validation of user-supplied data and can cause a read past the end of an allocated buffer, enabling denial-of-servi...
CVE-2021-32946
CVE-2021-32946 affects Siemens/Open Design Alliance Drawings SDK parsing of DGN files (Versions 2022.4 and earlier). Root cause: improper validation of user-supplied data in the Drawings SDK parsing path, leading to out-of-bounds conditions that may cause denial-of-service or code execution in th...
CVE-2023-43505
CVE-2023-43505 affects Siemens COMOS (all versions) with an impaired access-control mechanism on SMB shares, enabling an attacker to access files beyond the user’s rights. The root cause is improper SMB access control in COMOS. Impact is high for confidentiality (C:H) with network access and low ...
CVE-2021-32952
The CVE-2021-32952 entry concerns the Open Design Alliance Drawings SDK (DGN file-reading procedure) with versions up to 2022.4. Root cause: an out-of-bounds write due to insufficient validation of user-supplied data, enabling a write past the end of an allocated buffer. Impact: denial-of-service...
CVE-2023-24482
CVE-2023-24482 affects Siemens COMOS, with SEH-based buffer overflow in the Cache validation service across V10.2 all versions through V10.4.2.0.25 (and older subreleases prior to fixed builds). Exploitation could lead to remote arbitrary code execution or denial of service. Siemens/Siemens Produ...
CVE-2023-46601
Summary of CVE-2023-46601 : Siemens COMOS (All versions) is affected by an access control vulnerability in the SQLServer connection path, enabling an attacker to query the database and access information beyond the user’s rights. The issue is described across multiple feeds as an improper access ...
CVE-2023-43503
CVE-2023-43503 affects Siemens COMOS (All versions
CVE-2013-6840
Siemens COMOS contains a local privilege-escalation vulnerability (CVE-2013-6840) that could let authenticated local users gain database privileges. Affected products are COMOS versions prior to 9.2.0.8.1, 10.0 prior to 10.0.3.1.40, and 10.1 prior to 10.1.0.0.2. The vectors are unspecified in the...
CVE-2023-43504
Siemens COMOS is affected (all versions
CVE-2013-4943
Siemens COMOS contains a privilege-escalation vulnerability (CVE-2013-4943) in the client application that allows a local, authenticated user to bypass database-operation restrictions via COMOS project access. Affected products/versions: COMOS pre-9.1 (all), 9.1 Upd458, 9.2 before 9.2.0.6.37, and...
CVE-2013-3927
CVE-2013-3927 affects Siemens COMOS: 9.2 versions prior to 9.2.0.6.10 and 10.0 versions prior to 10.0.3.0.4. The vulnerability stems from the client library, where authenticated local users with read access can leverage the library to gain unintended write access to the COMOS database, enabling m...
CVE-2012-3009
Siemens COMOS is affected by CVE-2012-3009. A privilege-escalation flaw allows remote authenticated users to obtain database administrative access via unspecified method calls. Affected versions include: all versions before 9.1, 9.1 with Patch 412/413, 9.2 with Update 3 Patch 022/023, and 10.0 wi...