CVE-2023-43505Improper Access Control in Siemens Comos

CWE-284Improper Access Control3 documents3 sources
Severity
6.5MEDIUMNVD
CNA9.6
EPSS
0.2%
top 62.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Siemens Comos
Timeline
PublishedNov 14

Description

A vulnerability has been identified in COMOS (All versions). The affected application lacks proper access controls in SMB shares. This could allow an attacker to access files that the user should not have access to.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

CVEListV5siemens/comosAll versions

🔴Vulnerability Details

2
GHSA
GHSA-65vf-c6c4-w8jr: A vulnerability has been identified in COMOS (All versions)2023-11-14
CVEList
CVE-2023-43505: A vulnerability has been identified in COMOS (All versions)2023-11-14
CVE-2023-43505 — Improper Access Control in Siemens | cvebase