Siemens Comos vulnerabilities

CVE-2021-25174 [HIGH] CWE-787 CVE-2021-25174: An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory corruption vul An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory corruption vulnerability exists when reading malformed DGN files. It can allow attackers to cause a crash, potentially enabling denial of service (Crash, Exit, or Restart).

CVE-2021-25173 [HIGH] CWE-770 CVE-2021-25173: An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory allocation wit An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory allocation with excessive size vulnerability exists when reading malformed DGN files, which allows attackers to cause a crash, potentially enabling denial of service (crash, exit, or restart).

CVE-2021-25177 [HIGH] CWE-843 CVE-2021-25177: An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A Type Confusion issue An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A Type Confusion issue exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart).

CVE-2021-25176 [HIGH] CWE-476 CVE-2021-25176: An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A NULL pointer derefere An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A NULL pointer dereference exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart).

CVE-2021-25178 [HIGH] CWE-787 CVE-2021-25178: An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A stack-based buffer ov An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A stack-based buffer overflow vulnerability exists when the recover operation is run with malformed .DXF and .DWG files. This can allow attackers to cause a crash potentially enabling a denial of service attack (Crash, Exit, or Restart) or possible code execution.

CVE-2021-25175 [HIGH] CWE-704 CVE-2021-25175: An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A Type Conversion issue An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A Type Conversion issue exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart).

CVE-2013-6840 [MEDIUM] CWE-264 CVE-2013-6840: Siemens COMOS before 9.2.0.8.1, 10.0 before 10.0.3.1.40, and 10.1 before 10.1.0.0.2 allows local use Siemens COMOS before 9.2.0.8.1, 10.0 before 10.0.3.1.40, and 10.1 before 10.1.0.0.2 allows local users to gain database privileges via unspecified vectors.

CVE-2013-4943 [HIGH] CWE-264 CVE-2013-4943: The client application in Siemens COMOS before 9.1 Update 458, 9.2 before 9.2.0.6.37, and 10.0 befor The client application in Siemens COMOS before 9.1 Update 458, 9.2 before 9.2.0.6.37, and 10.0 before 10.0.3.0.19 allows local users to gain privileges and bypass intended database-operation restrictions by leveraging COMOS project access.

CVE-2013-3927 [MEDIUM] CVE-2013-3927: Unspecified vulnerability in the client library in Siemens COMOS 9.2 before 9.2.0.6.10 and 10.0 befo Unspecified vulnerability in the client library in Siemens COMOS 9.2 before 9.2.0.6.10 and 10.0 before 10.0.3.0.4 allows local users to obtain unintended write access to the database by leveraging read access.

CVE-2012-3009 [HIGH] CWE-264 CVE-2012-3009: Siemens COMOS before 9.1 Patch 413, 9.2 before Update 03 Patch 023, and 10.0 before Patch 005 allows Siemens COMOS before 9.1 Patch 413, 9.2 before Update 03 Patch 023, and 10.0 before Patch 005 allows remote authenticated users to obtain database administrative access via unspecified method calls.