Siemens Comos V10.3 vulnerabilities

CVE-2024-54005 [MEDIUM] CWE-611 CVE-2024-54005: A vulnerability has been identified in COMOS V10.3 (All versions < V10.3.3.5.8), COMOS V10.4.0 (All A vulnerability has been identified in COMOS V10.3 (All versions < V10.3.3.5.8), COMOS V10.4.0 (All versions), COMOS V10.4.1 (All versions), COMOS V10.4.2 (All versions), COMOS V10.4.3 (All versions < V10.4.3.0.47), COMOS V10.4.4 (All versions < V10.4.4.2), COMOS V10.4.4.1 (All versions < V10.4.4.1.21). The PDMS/E3D Engineering Interface improperly h

CVE-2024-49704 [MEDIUM] CWE-611 CVE-2024-49704: A vulnerability has been identified in COMOS V10.3 (All versions < V10.3.3.5.8), COMOS V10.4.0 (All A vulnerability has been identified in COMOS V10.3 (All versions < V10.3.3.5.8), COMOS V10.4.0 (All versions), COMOS V10.4.1 (All versions), COMOS V10.4.2 (All versions), COMOS V10.4.3 (All versions < V10.4.3.0.47), COMOS V10.4.4 (All versions < V10.4.4.2), COMOS V10.4.4.1 (All versions < V10.4.4.1.21). The Generic Data Mapper, the Engineering Adapte

CVE-2021-37194 [HIGH] CWE-434 CVE-2021-37194: A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), C A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS allows to upload and store arbitrary files at the webserver. This could allow a

CVE-2021-37197 [HIGH] CWE-89 CVE-2021-37197: A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), C A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS is vulnerable to SQL injections. This could allow an attacker to execute arbitra

CVE-2021-37198 [HIGH] CWE-352 CVE-2021-37198: A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), C A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS uses a flawed implementation of CSRF prevention. An attacker could exploit this

CVE-2021-37196 [MEDIUM] CWE-23 CVE-2021-37196: A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), C A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions = V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS unpacks specially crafted archive files to relative paths. This vulnerability

CVE-2021-37195 [MEDIUM] CWE-80 CVE-2021-37195: A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), C A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS accepts arbitrary code as attachment to tasks. This could allow an attacker to