SSA-701627 — Vulnetix

SSA-701627 PUBLISHED CVSS 5.5 MEDIUM

COMOS is affected by XXE injection vulnerabilities that could allow an attacker to extract arbitrary application files. Siemens has released new versions for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where fixes are not, or not yet available.

Risk Scores

CVSS 3.1

5.5

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Affected Products

Vendor	Product	Versions
	COMOS V10.3
	COMOS V10.4.4
	COMOS V10.4.2
	COMOS V10.4.0
	COMOS V10.4.1
	COMOS V10.4.4.1
	COMOS V10.4.3

Exploit Intelligence

https://cert-portal.siemens.com/productcert/html/ssa-701627.html (circl)
https://cert-portal.siemens.com/productcert/csaf/ssa-701627.json (circl)
https://support.sw.siemens.com/product/222981661/ (circl)

Timeline

Dec 10, 2024 CVE Published

References

https://cert-portal.siemens.com/productcert/html/ssa-701627.html advisory
https://cert-portal.siemens.com/productcert/csaf/ssa-701627.json advisory
https://support.sw.siemens.com/product/222981661/ fix

Open in Interactive Console →