Siemens Comos V10.2 vulnerabilities
6 known vulnerabilities affecting siemens/comos_v10.2.
Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH3MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2023-24482CRITICALCVSS 9.8vAll versions2023-02-14
CVE-2023-24482 [CRITICAL] CWE-120 CVE-2023-24482: A vulnerability has been identified in COMOS V10.2 (All versions), COMOS V10.3.3.1 (All versions < V
A vulnerability has been identified in COMOS V10.2 (All versions), COMOS V10.3.3.1 (All versions < V10.3.3.1.45), COMOS V10.3.3.2 (All versions < V10.3.3.2.33), COMOS V10.3.3.3 (All versions < V10.3.3.3.9), COMOS V10.3.3.4 (All versions < V10.3.3.4.6), COMOS V10.4.0.0 (All versions < V10.4.0.0.31), COMOS V10.4.1.0 (All versions < V10.4.1.0.32), CO
cvelistv5nvd
CVE-2021-37194HIGHCVSS 7.5vAll versions only if web components are used2022-02-09
CVE-2021-37194 [HIGH] CWE-434 CVE-2021-37194: A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), C
A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS allows to upload and store arbitrary files at the webserver. This could allow a
cvelistv5nvd
CVE-2021-37197HIGHCVSS 8.8vAll versions only if web components are used2022-01-11
CVE-2021-37197 [HIGH] CWE-89 CVE-2021-37197: A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), C
A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS is vulnerable to SQL injections. This could allow an attacker to execute arbitra
cvelistv5nvd
CVE-2021-37198HIGHCVSS 8.8vAll versions only if web components are used2022-01-11
CVE-2021-37198 [HIGH] CWE-352 CVE-2021-37198: A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), C
A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS uses a flawed implementation of CSRF prevention. An attacker could exploit this
cvelistv5nvd
CVE-2021-37196MEDIUMCVSS 6.5vAll versions only if web components are used2022-01-11
CVE-2021-37196 [MEDIUM] CWE-23 CVE-2021-37196: A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), C
A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions = V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS unpacks specially crafted archive files to relative paths. This vulnerability
cvelistv5nvd
CVE-2021-37195MEDIUMCVSS 6.1vAll versions only if web components are used2022-01-11
CVE-2021-37195 [MEDIUM] CWE-80 CVE-2021-37195: A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), C
A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS accepts arbitrary code as attachment to tasks. This could allow an attacker to
cvelistv5nvd