Siemens Comos V10.4 vulnerabilities
5 known vulnerabilities affecting siemens/comos_v10.4.
Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH3MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2021-37194HIGHCVSS 7.5vAll versions < V10.4.1 only if web components are used2022-02-09
CVE-2021-37194 [HIGH] CWE-434 CVE-2021-37194: A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), C
A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS allows to upload and store arbitrary files at the webserver. This could allow a
cvelistv5nvd
CVE-2021-37197HIGHCVSS 8.8vAll versions < V10.4.1 only if web components are used2022-01-11
CVE-2021-37197 [HIGH] CWE-89 CVE-2021-37197: A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), C
A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS is vulnerable to SQL injections. This could allow an attacker to execute arbitra
cvelistv5nvd
CVE-2021-37198HIGHCVSS 8.8vAll versions < V10.4.1 only if web components are used2022-01-11
CVE-2021-37198 [HIGH] CWE-352 CVE-2021-37198: A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), C
A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS uses a flawed implementation of CSRF prevention. An attacker could exploit this
cvelistv5nvd
CVE-2021-37196MEDIUMCVSS 6.5vAll versions < V10.4.1 only if web components are used2022-01-11
CVE-2021-37196 [MEDIUM] CWE-23 CVE-2021-37196: A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), C
A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions = V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS unpacks specially crafted archive files to relative paths. This vulnerability
cvelistv5nvd
CVE-2021-37195MEDIUMCVSS 6.1vAll versions < V10.4.1 only if web components are used2022-01-11
CVE-2021-37195 [MEDIUM] CWE-80 CVE-2021-37195: A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), C
A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS accepts arbitrary code as attachment to tasks. This could allow an attacker to
cvelistv5nvd