CVE-2021-37195

6.1MEDIUM

Key Information:

Vendor: Siemens
Status: Comos V10.2; Comos V10.3; Comos V10.4
Vendor: CVE Published:; 11 January 2022

Summary

A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS accepts arbitrary code as attachment to tasks. This could allow an attacker to inject malicious code that is executed when loading the attachment.

Affected Version(s)

COMOS V10.2 All versions only if web components are used

COMOS V10.3 All versions < V10.3.3.3 only if web components are used

COMOS V10.4 All versions < V10.4.1 only if web components are used

References

https://cert-portal.siemens.com/productcert/pdf/ssa-99533...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 11, 2022
Vulnerability Reserved
Jul 21, 2021