CVE-2024-54005
A vulnerability has been identified in COMOS V10.3 (All versions < V10.3.3.5.8), COMOS V10.4.0 (All versions), COMOS V10.4.1 (All versions), COMOS V10.4.2 (All versions), COMOS V10.4.3 (All versions < V10.4.3.0.47), COMOS V10.4.4 (All versions < V10.4.4.2), COMOS V10.4.4.1 (All versions < V10.4.4.1.21). The PDMS/E3D Engineering Interface improperly handles XML External Entity (XXE) entries when communicating with an external application. This could allow an attacker to extract any file with a known location on the user's system or accessible network folders by injecting malicious data into the communication channel between the two systems.
EPSS 0.07% · 21.6th percentile
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | COMOS V10.3 | 0 |
| Siemens | COMOS V10.4.0 | 0 |
| Siemens | COMOS V10.4.1 | 0 |
| Siemens | COMOS V10.4.4.1 | 0 |
| Siemens | COMOS V10.4.2 | 0 |
| Siemens | COMOS V10.4.4 | 0 |
| Siemens | COMOS V10.4.3 | 0 |
Exploit Intelligence
- CIRCL seen: CVE-2024-54005 (circl-sighting)
- https://cert-portal.siemens.com/productcert/html/ssa-701627.html (circl)
Timeline
- Dec 10, 2024 CVE Published
- Dec 10, 2024 PoC Published
- Dec 11, 2024 EPSS Score
- Dec 12, 2024 PoC Published
- Dec 28, 2024 EPSS Score
- Jan 13, 2025 EPSS Score
- Jan 30, 2025 EPSS Score
- Feb 16, 2025 EPSS Score
- Mar 5, 2025 EPSS Score
- Mar 21, 2025 EPSS Score
- Apr 7, 2025 EPSS Score
- Apr 24, 2025 EPSS Score