Caching System Vulnerability in Siemens COMOS Software
CVE-2023-43503

7.5HIGH

Key Information:

Vendor: Siemens
Status: COMOS
Vendor: CVE Published:; 14 November 2023

Summary

A significant vulnerability has been discovered in the caching system of Siemens COMOS software, affecting all versions prior to V10.4.4. This issue allows the leakage of sensitive information, including user and project data, in cleartext through UDP protocols. Organizations using affected versions are urged to take immediate action to mitigate potential data exposure risks.

Affected Version(s)

COMOS All versions < V10.4.4

References

https://cert-portal.siemens.com/productcert/pdf/ssa-13790...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 14, 2023
Vulnerability Reserved
Sep 19, 2023