ICSA-26-043-03
PUBLISHED
CVSS 3.7 LOW
COMOS is affected by multiple vulnerabilities that could allow an attacker to execute arbitrary code, cause a denial-of-service condition, infiltrate data, or perform access control violations. Siemens has released new versions for the affected products and recommends updating to the latest versions.
Risk Scores
CVSS v3.1
3.7
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | COMOS V10.4.5 | |
| Siemens | COMOS V10.4 | |
| Siemens | COMOS V10.6 | |
| Siemens | COMOS V10.5 | |
Timeline
- Dec 9, 2025 CVE Published
- Mar 12, 2026 CVE Updated
References
- https://cert-portal.siemens.com/productcert/csaf/ssa-212953.json advisory
- https://cert-portal.siemens.com/productcert/html/ssa-212953.html advisory
- https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2026/icsa-26-043-03.json advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-26-043-03 advisory
- https://www.cisa.gov/news-events/ics-alerts/ics-alert-10-301-01 url
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices url
- https://www.cisa.gov/topics/industrial-control-systems url
- https://www.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf url
- https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf url
- https://www.cisa.gov/news-events/news/targeted-cyber-intrusion-detection-and-mitigation-strategies-update-b url
- https://support.sw.siemens.com/product/222981661/ fix