A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.3 (All versions >= V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS unpacks specially crafted archive files to relative paths. This vulnerability could allow an attacker to store files in any folder accessible by the COMOS Web webservice.
References
Link | Resource |
---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-995338.pdf | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
30 Apr 2022, 02:29
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 3.5
v3 : 6.5 |
CPE | cpe:2.3:a:siemens:comos:10.4:*:*:*:*:*:*:* |
12 Apr 2022, 09:15
Type | Values Removed | Values Added |
---|---|---|
Summary | A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.3 (All versions >= V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS unpacks specially crafted archive files to relative paths. This vulnerability could allow an attacker to store files in any folder accessible by the COMOS Web webservice. |
09 Feb 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
Summary | A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.2.14 only if web components are used), COMOS V10.3 (All versions >= V10.3.3.2.14 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS unpacks specially crafted archive files to relative paths. This vulnerability could allow an attacker to store files in any folder accessible by the COMOS Web webservice. |
14 Jan 2022, 02:55
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:siemens:comos:*:*:*:*:*:*:*:* | |
First Time |
Siemens comos
Siemens |
|
CVSS |
v2 : v3 : |
v2 : 4.0
v3 : 6.5 |
CWE | CWE-22 | |
References | (MISC) https://cert-portal.siemens.com/productcert/pdf/ssa-995338.pdf - Patch, Vendor Advisory |
11 Jan 2022, 12:45
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-01-11 12:15
Updated : 2023-12-10 14:09
NVD link : CVE-2021-37196
Mitre link : CVE-2021-37196
CVE.ORG link : CVE-2021-37196
JSON object : View
Products Affected
siemens
- comos