Lucene search
K
SiemensComos

31 matches found

cve
cve
added 2021/12/10 12:0 a.m.6877 views

CVE-2021-44228

CVE-2021-44228 (Log4Shell) affects Apache Log4j2 2.0-beta9 through 2.15.0 (excluding some security releases) and is specific to log4j-core. The vulnerability arises from JNDI features used in configuration, log messages, and parameters, which can be exploited when an attacker can control log mess...

10CVSS10AI score0.99999EPSS
In wildWeb
cve
cve
added 2021/12/14 4:55 p.m.1735 views

CVE-2021-45046

Technical details for CVE-2021-45046 are not publicly provided in the supplied documents. Monitor for updates from official advisories; sources here reference fixes for other Log4j CVEs but do not specify 45046 specifics.

9CVSS9.7AI score0.99977EPSS
In wild
cve
cve
added 2021/01/18 7:12 a.m.110 views

CVE-2021-25178

Open Design Alliance Drawings SDK (pre-2021.12) contains a stack-based buffer overflow when parsing DXF/DWG files, CVE-2021-25178. This vulnerability could allow code execution or crash/DoS in affected deployments. Connected advisories (ICS/CISA) specify the affected Drawings SDK versions and ide...

7.8CVSS7.8AI score0.0323EPSS
cve
cve
added 2022/02/09 3:16 p.m.96 views

CVE-2021-37194

CVE-2021-37194 affects Siemens COMOS, specifically the COMOS Web component. The vulnerability arises from an unrestricted upload mechanism that allows uploading and storing arbitrary files on the web server, enabling attackers to place malicious files. Affected are COMOS Web-enabled deployments: ...

7.5CVSS7.3AI score0.00847EPSS
cve
cve
added 2022/01/11 11:27 a.m.93 views

CVE-2021-37198

Siemens COMOS Web Component CSRF vulnerability (CVE-2021-37198) affects COMOS Web when web components are used: v10.2 all versions; v10.3 all versions before 10.3.3.3; v10.4 all versions before 10.4.1. The issue stems from a flawed CSRF prevention implementation, enabling cross-site request forge...

8.8CVSS8.4AI score0.00361EPSS
cve
cve
added 2021/01/18 7:14 a.m.91 views

CVE-2021-25173

CVE-2021-25173 affects the Open Design Alliance Drawings SDK prior to 2021.12. The vulnerability is a memory allocation with excessive size when parsing malformed DGN files, which can cause a crash and potentially enable denial of service. Multiple connected advisories confirm the impact and prov...

7.8CVSS7.4AI score0.02286EPSS
cve
cve
added 2021/01/18 7:13 a.m.90 views

CVE-2021-25177

Open Design Alliance Drawings SDK before 2021.11 contains a Type Confusion vulnerability when rendering malformed DXF/DWG files, leading to crashes or denial-of-service conditions. Public sources (including ICSA-21-047-01 and NVD/NV D equivalents) corroborate the issue and map this CVE to a type-...

7.8CVSS7.4AI score0.02286EPSS
cve
cve
added 2021/01/18 7:14 a.m.87 views

CVE-2021-25174

CVE-2021-25174 affects the Open Design Alliance Drawings SDK prior to 2021.12. A memory corruption vulnerability occurs when parsing malformed DGN files, potentially causing a crash or denial of service. The issue is mitigated by upgrading to Drawings SDK 2021.12 or later (as per Siemens/Open Des...

7.8CVSS7.6AI score0.02216EPSS
cve
cve
added 2021/01/18 7:13 a.m.87 views

CVE-2021-25176

CVE-2021-25176 affects the Open Design Alliance Drawings SDK. It is a NULL pointer/untrusted pointer dereference when parsing malformed DXF/DWG files, leading to crashes and potential denial-of-service (with some sources indicating possible code execution). Affected versions are prior to 2021.11/...

7.8CVSS7.4AI score0.02286EPSS
cve
cve
added 2021/01/18 7:13 a.m.84 views

CVE-2021-25175

CVE-2021-25175 affects the Open Design Alliance Drawings SDK prior to 2021.11. It is a UNTRUSTED POINTER DEREFERENCE vulnerability that occurs while parsing DXF/DWG files, potentially allowing remote code execution in the context of the affected process. Public advisories (ZDI) describe remote co...

7.8CVSS7.3AI score0.0263EPSS
cve
cve
added 2022/01/11 11:27 a.m.84 views

CVE-2021-37195

CVE-2021-37195 affects Siemens COMOS Web component involving the loading of attachments in tasks. Affected: COMOS V10.2 (all versions when web components are used); V10.3 (all versions before 10.3.3.3, only if web components are used); V10.4 (all versions before 10.4.1, only if web components are...

6.1CVSS6.3AI score0.00509EPSS
cve
cve
added 2022/01/11 11:27 a.m.82 views

CVE-2021-37197

Siemens COMOS Web component is affected by SQL injection (CVE-2021-37197). Affected: COMOS V10.2 (all versions when web components are used), V10.3 (all versions before 10.3.3.3 when web components are used), V10.4 (all versions before 10.4.1 when web components are used). Root cause: SQL injecti...

8.8CVSS8.8AI score0.00816EPSS
cve
cve
added 2021/06/17 12:0 a.m.80 views

CVE-2021-32948

CVE-2021-32948 describes an out-of-bounds write in the DWG file-reading procedure of the Open Design Alliance Drawings SDK (prior to 2022.4), caused by insufficient validation of user-supplied data. This can write past the end of an allocated buffer and may lead to denial of service or code execu...

7.8CVSS7.7AI score0.02705EPSS
cve
cve
added 2022/01/11 11:27 a.m.80 views

CVE-2021-37196

Siemens COMOS Web component contains a path traversal vulnerability (CVE-2021-37196) affecting COMOS Web in V10.2 (all versions when web components are used), V10.3 (before 10.3.3.3; and all versions ≥ 10.3.3.3 if web components are used), and V10.4 (before 10.4.1 if web components are used). The...

6.5CVSS6.2AI score0.00782EPSS
cve
cve
added 2021/06/17 12:0 a.m.78 views

CVE-2021-32936

CVE-2021-32936 is an out-of-bounds write in the Open Design Alliance Drawings SDK (prior to 2022.4) during parsing of DXF files, caused by insufficient validation of user-supplied data. This can write past the end of an allocated buffer, enabling denial-of-service or arbitrary code execution in t...

7.8CVSS7.7AI score0.02775EPSS
cve
cve
added 2021/06/17 12:50 p.m.78 views

CVE-2021-32944

Summary: CVE-2021-32944 is a use-after-free vulnerability in the Open Design Alliance Drawings SDK (DGN file-reading path) affecting all versions prior to 2022.4, caused by insufficient validation of user-supplied data, leading to memory corruption and potential code execution or DoS. The issue i...

7.8CVSS7.8AI score0.02668EPSS
cve
cve
added 2021/06/17 12:41 p.m.78 views

CVE-2021-32950

CVE-2021-32950 concerns the Open Design Alliance Drawings SDK DXF parsing. The issue is an out-of-bounds read when processing DXF files in all versions before 2022.4, caused by insufficient validation of untrusted input. This can lead to reading beyond an allocated buffer and may enable denial-of...

7.1CVSS6.6AI score0.0205EPSS
cve
cve
added 2021/04/26 6:3 p.m.77 views

CVE-2021-31784

CVE-2021-31784 describes an out-of-bounds write in Open Design Alliance Drawings SDK prior to 2021.6 during file parsing (DXF/DGN). The issue can crash the process or enable code execution in the context of the current process, with some sources noting potential remote code execution when process...

7.8CVSS7.6AI score0.00852EPSS
cve
cve
added 2021/06/17 12:0 a.m.77 views

CVE-2021-32938

CVE-2021-32938 affects the Open Design Alliance Drawings SDK (prior to 2022.4). The vulnerability is an out-of-bounds read when parsing DWG files, caused by insufficient validation of user-supplied data. This can lead to reading past the end of an allocated buffer and may enable denial-of-service...

7.1CVSS6.7AI score0.01443EPSS
cve
cve
added 2021/06/17 12:0 a.m.75 views

CVE-2021-32940

CVE-2021-32940 is an out-of-bounds read in the Open Design Alliance Drawings SDK DWG file-recovering procedure, affecting all versions prior to 2022.5. The issue stems from improper validation of user-supplied data and can cause a read past the end of an allocated buffer, enabling denial-of-servi...

7.1CVSS6.7AI score0.0205EPSS
cve
cve
added 2021/06/17 11:56 a.m.72 views

CVE-2021-32946

CVE-2021-32946 affects Siemens/Open Design Alliance Drawings SDK parsing of DGN files (Versions 2022.4 and earlier). Root cause: improper validation of user-supplied data in the Drawings SDK parsing path, leading to out-of-bounds conditions that may cause denial-of-service or code execution in th...

7.8CVSS7.5AI score0.02801EPSS
cve
cve
added 2023/11/14 11:3 a.m.68 views

CVE-2023-43505

CVE-2023-43505 affects Siemens COMOS (all versions) with an impaired access-control mechanism on SMB shares, enabling an attacker to access files beyond the user’s rights. The root cause is improper SMB access control in COMOS. Impact is high for confidentiality (C:H) with network access and low ...

9.6CVSS6.3AI score0.00516EPSS
cve
cve
added 2021/06/17 12:5 p.m.67 views

CVE-2021-32952

The CVE-2021-32952 entry concerns the Open Design Alliance Drawings SDK (DGN file-reading procedure) with versions up to 2022.4. Root cause: an out-of-bounds write due to insufficient validation of user-supplied data, enabling a write past the end of an allocated buffer. Impact: denial-of-service...

7.8CVSS7.7AI score0.02705EPSS
cve
cve
added 2023/02/14 10:36 a.m.64 views

CVE-2023-24482

CVE-2023-24482 affects Siemens COMOS, with SEH-based buffer overflow in the Cache validation service across V10.2 all versions through V10.4.2.0.25 (and older subreleases prior to fixed builds). Exploitation could lead to remote arbitrary code execution or denial of service. Siemens/Siemens Produ...

10CVSS9.6AI score0.00813EPSS
cve
cve
added 2023/11/14 11:4 a.m.62 views

CVE-2023-46601

Summary of CVE-2023-46601 : Siemens COMOS (All versions) is affected by an access control vulnerability in the SQLServer connection path, enabling an attacker to query the database and access information beyond the user’s rights. The issue is described across multiple feeds as an improper access ...

9.6CVSS7.6AI score0.00521EPSS
cve
cve
added 2023/11/14 11:3 a.m.61 views

CVE-2023-43503

CVE-2023-43503 affects Siemens COMOS (All versions

7.5CVSS7.2AI score0.00309EPSS
cve
cve
added 2013/12/10 3:0 p.m.55 views

CVE-2013-6840

Siemens COMOS contains a local privilege-escalation vulnerability (CVE-2013-6840) that could let authenticated local users gain database privileges. Affected products are COMOS versions prior to 9.2.0.8.1, 10.0 prior to 10.0.3.1.40, and 10.1 prior to 10.1.0.0.2. The vectors are unspecified in the...

6.9CVSS6.7AI score0.00309EPSS
cve
cve
added 2023/11/14 11:3 a.m.54 views

CVE-2023-43504

Siemens COMOS is affected (all versions

9.8CVSS9.6AI score0.00851EPSS
cve
cve
added 2013/08/09 7:0 p.m.52 views

CVE-2013-4943

Siemens COMOS contains a privilege-escalation vulnerability (CVE-2013-4943) in the client application that allows a local, authenticated user to bypass database-operation restrictions via COMOS project access. Affected products/versions: COMOS pre-9.1 (all), 9.1 Upd458, 9.2 before 9.2.0.6.37, and...

7.2CVSS6.8AI score0.00432EPSS
cve
cve
added 2013/06/18 6:45 p.m.51 views

CVE-2013-3927

CVE-2013-3927 affects Siemens COMOS: 9.2 versions prior to 9.2.0.6.10 and 10.0 versions prior to 10.0.3.0.4. The vulnerability stems from the client library, where authenticated local users with read access can leverage the library to gain unintended write access to the COMOS database, enabling m...

4.6CVSS6.3AI score0.00362EPSS
cve
cve
added 2012/08/16 10:0 a.m.47 views

CVE-2012-3009

Siemens COMOS is affected by CVE-2012-3009. A privilege-escalation flaw allows remote authenticated users to obtain database administrative access via unspecified method calls. Affected versions include: all versions before 9.1, 9.1 with Patch 412/413, 9.2 with Update 3 Patch 022/023, and 10.0 wi...

8.5CVSS6.4AI score0.02149EPSS