CVE-2024-54005 — Vulnetix

Try Vulnetix Request Demo

CVE-2024-54005 PUBLISHED CVSS 5.099999904632568 MEDIUM

A vulnerability has been identified in COMOS V10.3 (All versions < V10.3.3.5.8), COMOS V10.4.0 (All versions), COMOS V10.4.1 (All versions), COMOS V10.4.2 (All versions), COMOS V10.4.3 (All versions < V10.4.3.0.47), COMOS V10.4.4 (All versions < V10.4.4.2), COMOS V10.4.4.1 (All versions < V10.4.4.1.21). The PDMS/E3D Engineering Interface improperly handles XML External Entity (XXE) entries when communicating with an external application. This could allow an attacker to extract any file with a known location on the user's system or accessible network folders by injecting malicious data into the communication channel between the two systems.

EPSS 0.05% · 16.0th percentile

Risk Scores

CVSS v3.1

5.099999904632568

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Score

0.05%

16.0th percentile

Affected Products

Vendor	Product	Versions
Siemens	COMOS V10.3	0
Siemens	COMOS V10.4.0	0
Siemens	COMOS V10.4.1	0
Siemens	COMOS V10.4.4.1	0
Siemens	COMOS V10.4.2	0
Siemens	COMOS V10.4.4	0
Siemens	COMOS V10.4.3	0

Timeline

Dec 10, 2024 CVE Published
Dec 10, 2024 CVE Updated
Dec 10, 2024 PoC Published
Dec 11, 2024 EPSS Score
Dec 12, 2024 PoC Published
Dec 27, 2024 EPSS Score
Jan 12, 2025 EPSS Score
Jan 29, 2025 EPSS Score
Feb 14, 2025 EPSS Score
Mar 2, 2025 EPSS Score
Mar 18, 2025 EPSS Score
Apr 3, 2025 EPSS Score

References

Open in Interactive Console →