cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-54005,https://securityvulnerability.io/vulnerability/CVE-2024-54005,COMOS PDMS/E3D Interface Vulnerability Could Allow File Extraction,"A vulnerability has been identified in COMOS V10.3 (All versions < V10.3.3.5.8), COMOS V10.4.0 (All versions), COMOS V10.4.1 (All versions), COMOS V10.4.2 (All versions), COMOS V10.4.3 (All versions < V10.4.3.0.47), COMOS V10.4.4 (All versions < V10.4.4.2), COMOS V10.4.4.1 (All versions < V10.4.4.1.21). The PDMS/E3D Engineering Interface improperly handles XML External Entity (XXE) entries when communicating with an external application. This could allow an attacker to extract any file with a known location on the user's system or accessible network folders by injecting malicious data into the communication channel between the two systems.",Siemens,"Comos V10.3,Comos V10.4.0,Comos V10.4.1,Comos V10.4.2,Comos V10.4.3,Comos V10.4.4,Comos V10.4.4.1",5.1,MEDIUM,0.0005200000014156103,false,,false,false,false,,,false,false,,2024-12-10T13:54:15.994Z,0
CVE-2024-49704,https://securityvulnerability.io/vulnerability/CVE-2024-49704,COMOS XML External Entity Vulnerability,"A vulnerability has been identified in COMOS V10.3 (All versions < V10.3.3.5.8), COMOS V10.4.0 (All versions), COMOS V10.4.1 (All versions), COMOS V10.4.2 (All versions), COMOS V10.4.3 (All versions < V10.4.3.0.47), COMOS V10.4.4 (All versions < V10.4.4.2), COMOS V10.4.4.1 (All versions < V10.4.4.1.21). The Generic Data Mapper, the Engineering Adapter, and the Engineering Interface improperly handle XML External Entity (XXE) entries when parsing configuration and mapping files. This could allow an attacker to extract any file with a known location on the user's system or accessible network folders by persuading a user to use a maliciously crafted configuration or mapping file in one of the affected components.",Siemens,"Comos V10.3,Comos V10.4.0,Comos V10.4.1,Comos V10.4.2,Comos V10.4.3,Comos V10.4.4,Comos V10.4.4.1",5.5,MEDIUM,0.0005200000014156103,false,,false,false,false,,,false,false,,2024-12-10T13:53:54.522Z,0
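The two rows above (CVE-2024-54005 and CVE-2024-49704) describe the same flaw class: an XML parser that honours external entity declarations in a configuration or mapping file, so a `SYSTEM` entity pointing at a local file ends up substituted into the document. The following is an added example, not Siemens code and not part of this dataset. It assumes a hypothetical mapping-file format (`<mapping><map source=".." target=".."/></mapping>`); the point is the defence, which is refusing any document that carries a DOCTYPE, since that is the only place entities can be declared.

```python
"""XXE guard for XML configuration/mapping files (added illustration, hypothetical format)."""
import xml.etree.ElementTree as ET


class UnsafeXmlError(ValueError):
    """Raised when a document carries a DOCTYPE and therefore may declare entities."""


class _NoDtdTarget:
    """Parser target that builds a tree but aborts as soon as a DOCTYPE is seen.

    External entities (the XXE vector) can only be declared inside a DTD, so
    rejecting the DTD closes the hole regardless of how the parser would
    otherwise treat SYSTEM identifiers.
    """

    def __init__(self):
        self._tb = ET.TreeBuilder()

    def start(self, tag, attrs):
        return self._tb.start(tag, attrs)

    def end(self, tag):
        return self._tb.end(tag)

    def data(self, text):
        return self._tb.data(text)

    def close(self):
        return self._tb.close()

    def doctype(self, name, pubid, system):
        # Fires at the start of the DOCTYPE declaration, before any <!ENTITY ...>.
        raise UnsafeXmlError(f"refusing document with DOCTYPE {name!r} (system id {system!r})")


def load_mapping(xml_text: str) -> dict:
    """Parse a mapping file into {source: target}; raise UnsafeXmlError if it has a DTD."""
    parser = ET.XMLParser(target=_NoDtdTarget())
    parser.feed(xml_text)
    root = parser.close()
    return {m.get("source"): m.get("target") for m in root.iter("map")}


# Constructed sample inputs (not taken from any real COMOS file).
BENIGN_MAPPING = """<?xml version="1.0"?>
<mapping>
  <map source="Pipe.Diameter" target="DN"/>
  <map source="Pipe.Material" target="MAT"/>
</mapping>
"""

# Classic XXE payload: declare an external entity that points at a local file
# and reference it where a vulnerable parser would substitute the file's contents.
MALICIOUS_MAPPING = """<?xml version="1.0"?>
<!DOCTYPE mapping [
  <!ENTITY xxe SYSTEM "file:///C:/Windows/win.ini">
]>
<mapping>
  <map source="Pipe.Diameter" target="&xxe;"/>
</mapping>
"""


def check_payload(xml_text: str) -> str:
    """Return 'ok' when the file parses cleanly, 'rejected' when the DTD guard fires."""
    try:
        load_mapping(xml_text)
        return "ok"
    except UnsafeXmlError:
        return "rejected"


if __name__ == "__main__":
    print(load_mapping(BENIGN_MAPPING))
    print(check_payload(MALICIOUS_MAPPING))
```

Rejecting the DTD is the portable fix; in parsers that must accept a DTD, additionally disable external entity resolution and external DTD loading, and treat the file as untrusted input even when it arrives over an "internal" integration channel, which is exactly the path CVE-2024-54005 describes.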
CVE-2023-46601,https://securityvulnerability.io/vulnerability/CVE-2023-46601,Improper Access Control in COMOS Application by Siemens,"A vulnerability exists in Siemens COMOS where access controls are not properly enforced during SQLServer connection setup. An attacker could use this to query the database directly and read information the user is not authorized to access.",Siemens,COMOS,7.5,HIGH,0.001019999966956675,false,,false,false,false,,,false,false,,2023-11-14T11:15:00.000Z,0
CVE-2023-43503,https://securityvulnerability.io/vulnerability/CVE-2023-43503,Caching System Vulnerability in Siemens COMOS Software,"A vulnerability exists in the caching system of Siemens COMOS (all versions prior to V10.4.4). Sensitive information, including user and project data, is transmitted in cleartext over UDP, so anyone able to observe that network traffic can read it. Affected installations should be updated to V10.4.4 or later.",Siemens,COMOS,7.5,HIGH,0.001019999966956675,false,,false,false,false,,,false,false,,2023-11-14T11:15:00.000Z,0
CVE-2023-43504,https://securityvulnerability.io/vulnerability/CVE-2023-43504,Buffer Overflow Vulnerability in COMOS by Siemens,"A buffer overflow exists in the Ptmcast executable, which is used to test the cache validation service, in Siemens COMOS versions prior to V10.4.4. An attacker could exploit it to execute arbitrary code on the affected system or cause a denial of service. Affected installations should be updated to V10.4.4 or later.",Siemens,COMOS,9.8,CRITICAL,0.0021100000012665987,false,,false,false,false,,,false,false,,2023-11-14T11:15:00.000Z,0
CVE-2023-43505,https://securityvulnerability.io/vulnerability/CVE-2023-43505,Access Control Vulnerability in COMOS by Siemens,"COMOS (all versions) does not properly enforce access controls on its SMB shares. This could allow an attacker to access files that the user should not have access to. Operators should review the permissions on these shares and restrict them to the accounts that need them.",Siemens,COMOS,6.5,MEDIUM,0.0005499999970197678,false,,false,false,false,,,false,false,,2023-11-14T11:15:00.000Z,0
CVE-2023-24482,https://securityvulnerability.io/vulnerability/CVE-2023-24482,Buffer Overflow Vulnerability in COMOS by Siemens,"The cache validation service of COMOS is vulnerable to a Structured Exception Handler (SEH) based buffer overflow. An attacker could exploit it to execute arbitrary code on the affected system or cause a denial of service. Users of the affected versions should apply the available updates.",Siemens,"COMOS V10.2,COMOS V10.3.3.1,COMOS V10.3.3.2,COMOS V10.3.3.3,COMOS V10.3.3.4,COMOS V10.4.0.0,COMOS V10.4.1.0,COMOS V10.4.2.0",9.8,CRITICAL,0.0022499999031424522,false,,false,false,false,,,false,false,,2023-02-14T11:15:00.000Z,0
CVE-2021-37194,https://securityvulnerability.io/vulnerability/CVE-2021-37194,File Upload Vulnerability in COMOS Product Line by Siemens,"A vulnerability has been found in the COMOS web component that permits malicious users to upload and store arbitrary files on the web server. This flaw affects several versions of the COMOS product line, specifically those utilizing web components, potentially allowing unauthorized actions and exploitation of the affected servers.",Siemens,"Comos V10.2,Comos V10.3,Comos V10.4",7.5,HIGH,0.0007300000288523734,false,,false,false,false,,,false,false,,2022-02-09T15:16:48.000Z,0
CVE-2021-37198,https://securityvulnerability.io/vulnerability/CVE-2021-37198,Cross-Site Request Forgery Vulnerability in COMOS by Siemens,"A vulnerability exists in the COMOS web components, impacting various versions of COMOS V10.2, V10.3, and V10.4 when web components are employed. This vulnerability arises from an inadequate implementation of CSRF prevention measures, enabling attackers to execute unauthorized commands on behalf of authenticated users. As a result, there is a potential risk for sensitive data exposure and unauthorized actions within the system.",Siemens,"Comos V10.2,Comos V10.3,Comos V10.4",8.8,HIGH,0.0006399999838322401,false,,false,false,false,,,false,false,,2022-01-11T11:27:15.000Z,0
CVE-2021-37197,https://securityvulnerability.io/vulnerability/CVE-2021-37197,SQL Injection Vulnerability in COMOS Web Components by Siemens,"A vulnerability exists in the web components of Siemens COMOS, affecting version V10.2 and certain earlier versions of V10.3 and V10.4. This security flaw allows an attacker to perform SQL injection, potentially enabling unauthorized execution of SQL commands against the database. Such exploitation could lead to unauthorized data access or even manipulation, posing significant risks to system integrity and confidentiality. Users of the affected versions are strongly encouraged to implement security measures to safeguard their systems against such threats.",Siemens,"Comos V10.2,Comos V10.3,Comos V10.4",8.8,HIGH,0.0007699999841861427,false,,false,false,false,,,false,false,,2022-01-11T11:27:14.000Z,0
CVE-2021-37196,https://securityvulnerability.io/vulnerability/CVE-2021-37196,Web Component Vulnerability in COMOS Products by Siemens,"A vulnerability exists in the web components of COMOS that allows specially crafted archive files to be unpacked to relative paths. An attacker could exploit this flaw to store files in any directory accessible by the COMOS Web service, potentially leading to unauthorized access or data exposure.",Siemens,"Comos V10.2,Comos V10.3,Comos V10.4",6.5,MEDIUM,0.0006300000241026282,false,,false,false,false,,,false,false,,2022-01-11T11:27:13.000Z,0
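CVE-2021-37196 above is the archive path traversal class (often called "zip slip"): member names such as `../../evil.txt` or an absolute path are written wherever they point rather than inside the intended extraction directory. The following is an added example, not Siemens code and not part of this dataset. It assumes a hypothetical web service that unpacks uploaded ZIP archives into one fixed directory; the technique shown is resolving each member's final path and checking it against that directory before writing anything.

```python
"""Safe ZIP extraction with per-member path validation (added illustration, hypothetical service)."""
import io
import os
import tempfile
import zipfile


class UnsafeArchiveMemberError(ValueError):
    """Raised for a member whose name would land outside the extraction directory."""


def safe_target_path(dest_dir: str, member_name: str) -> str:
    """Return the absolute path a member may be written to, or raise.

    Rejects absolute names and drive-qualified names (Windows archives), then
    resolves the joined path and requires it to stay under dest_dir, which
    catches the '../' traversal case as well as symlink tricks in dest_dir.
    """
    dest_root = os.path.realpath(dest_dir)
    # Archives produced on Windows may use backslashes; treat both as separators.
    name = member_name.replace("\\", "/")
    if os.path.isabs(name) or os.path.splitdrive(name)[0]:
        raise UnsafeArchiveMemberError(f"absolute path in archive: {member_name!r}")
    candidate = os.path.realpath(os.path.join(dest_root, name))
    if os.path.commonpath([dest_root, candidate]) != dest_root:
        raise UnsafeArchiveMemberError(f"path escapes destination: {member_name!r}")
    return candidate


def extract_safely(zip_bytes: bytes, dest_dir: str) -> dict:
    """Extract members that pass the path check; report which were written and which refused."""
    outcome = {"extracted": [], "rejected": []}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for member in zf.infolist():
            try:
                target = safe_target_path(dest_dir, member.filename)
            except UnsafeArchiveMemberError:
                outcome["rejected"].append(member.filename)
                continue
            if member.is_dir():
                os.makedirs(target, exist_ok=True)
            else:
                os.makedirs(os.path.dirname(target), exist_ok=True)
                with zf.open(member) as src, open(target, "wb") as dst:
                    dst.write(src.read())
            outcome["extracted"].append(member.filename)
    return outcome


def build_sample_archive() -> bytes:
    """Constructed sample archive: one legitimate member and two traversal attempts."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report/summary.txt", "harmless content\n")
        zf.writestr("../../evil.txt", "would land two directories above the destination\n")
        zf.writestr("/etc/cron.d/evil", "absolute path\n")
    return buf.getvalue()


def demo() -> dict:
    """Extract the sample into a throwaway directory and report what happened."""
    with tempfile.TemporaryDirectory() as dest:
        outcome = extract_safely(build_sample_archive(), dest)
        outcome["summary_written"] = os.path.isfile(os.path.join(dest, "report", "summary.txt"))
    return outcome


if __name__ == "__main__":
    print(demo())
```

Python's own `ZipFile.extractall` already strips such components, so the explicit check matters for code that computes destination paths itself (the situation the advisory describes) and for other archive formats and libraries whose behaviour is less forgiving. Checking the resolved path rather than the member name string also covers encoded or doubled separators that a simple `".." in name` test would miss.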
CVE-2021-37195,https://securityvulnerability.io/vulnerability/CVE-2021-37195,Web Component Code Injection Vulnerability in Siemens COMOS Software,"The COMOS web component allows users to attach files to tasks, and arbitrary code can be injected into these attachments. The injected code is executed when another user opens the attachment, so a single malicious upload can compromise every user who views it.",Siemens,"Comos V10.2,Comos V10.3,Comos V10.4",6.1,MEDIUM,0.0007800000021234155,false,,false,false,false,,,false,false,,2022-01-11T11:27:13.000Z,0
CVE-2013-6840,https://securityvulnerability.io/vulnerability/CVE-2013-6840,,"Siemens COMOS before 9.2.0.8.1, 10.0 before 10.0.3.1.40, and 10.1 before 10.1.0.0.2 allows local users to gain database privileges via unspecified vectors.",Siemens,Comos,,,0.0004199999966658652,false,,false,false,false,,,false,false,,2013-12-10T15:00:00.000Z,0
CVE-2013-4943,https://securityvulnerability.io/vulnerability/CVE-2013-4943,,"The client application in Siemens COMOS before 9.1 Update 458, 9.2 before 9.2.0.6.37, and 10.0 before 10.0.3.0.19 allows local users to gain privileges and bypass intended database-operation restrictions by leveraging COMOS project access.",Siemens,Comos,,,0.0004199999966658652,false,,false,false,false,,,false,false,,2013-08-09T19:55:00.000Z,0
CVE-2013-3927,https://securityvulnerability.io/vulnerability/CVE-2013-3927,,Unspecified vulnerability in the client library in Siemens COMOS 9.2 before 9.2.0.6.10 and 10.0 before 10.0.3.0.4 allows local users to obtain unintended write access to the database by leveraging read access.,Siemens,Comos,,,0.0004199999966658652,false,,false,false,false,,,false,false,,2013-06-18T18:55:00.000Z,0
CVE-2012-3009,https://securityvulnerability.io/vulnerability/CVE-2012-3009,,"Siemens COMOS before 9.1 Patch 413, 9.2 before Update 03 Patch 023, and 10.0 before Patch 005 allows remote authenticated users to obtain database administrative access via unspecified method calls.",Siemens,Comos,,,0.0019600000232458115,false,,false,false,false,,,false,false,,2012-08-16T10:38:00.000Z,0