ICSA-23-320-09 — Vulnetix

ICSA-23-320-09 PUBLISHED CVSS 9.800000190734863 CRITICAL

COMOS is affected by multiple vulnerabilities that could allow an attacker to execute arbitrary code or cause denial of service condition, data infiltration or perform access control violations. Siemens has released an update for COMOS and recommends to update to the latest version. Siemens recommends specific countermeasures for products where updates are not, or not yet available.

Risk Scores

CVSS v3.1

9.800000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Affected Products

Vendor	Product	Versions
	COMOS

Timeline

Nov 14, 2023 CVE Published

References

https://cert-portal.siemens.com/productcert/csaf/ssa-137900.json advisory
https://cert-portal.siemens.com/productcert/html/ssa-137900.html advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-137900.pdf advisory
https://cert-portal.siemens.com/productcert/txt/ssa-137900.txt advisory
https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2023/icsa-23-320-09.json advisory
https://www.cisa.gov/news-events/ics-advisories/icsa-23-320-09 advisory
https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01 url
https://www.cisa.gov/resources-tools/resources/ics-recommended-practices url
https://www.cisa.gov/topics/industrial-control-systems url
https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf url
https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf url
https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B url

Open in Interactive Console →