Siemens Comos
31 CVEs affecting Siemens Comos. Latest disclosed: 2023-11-14. Critical: 6, High: 18.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-24482 | Critical | 10.0 | 2023-02-14 | A vulnerability has been identified in COMOS V10.2 (All versions), COMOS V10.3.3.1 (All versions < V10.3.3.1.45), COMOS V10.3.3.2 (All versions < V10.3.3.2.33)… |
| CVE-2021-44228 | Critical | 10.0 | 2021-12-10 | Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameter… |
| CVE-2023-46601 | Critical | 9.6 | 2023-11-14 | A vulnerability has been identified in COMOS (All versions). The affected application lacks proper access controls in making the SQLServer connection. This cou… |
| CVE-2023-43505 | Critical | 9.6 | 2023-11-14 | A vulnerability has been identified in COMOS (All versions). The affected application lacks proper access controls in SMB shares. This could allow an attacker… |
| CVE-2023-43504 | Critical | 9.6 | 2023-11-14 | A vulnerability has been identified in COMOS (All versions < V10.4.4). Ptmcast executable used for testing cache validation service in affected application is… |
| CVE-2021-45046 | Critical | 9.0 | 2021-12-14 | It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers wi… |
| CVE-2021-37198 | High | 8.8 | 2022-01-11 | A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components… |
| CVE-2021-37197 | High | 8.8 | 2022-01-11 | A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components… |
| CVE-2021-32952 | High | 7.8 | 2021-06-17 | An out-of-bounds write issue exists in the DGN file-reading procedure in the Drawings SDK (Version 2022.4 and prior) resulting from the lack of proper validati… |
| CVE-2021-32948 | High | 7.8 | 2021-06-17 | An out-of-bounds write issue exists in the DWG file-reading procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper vali… |
| CVE-2021-32944 | High | 7.8 | 2021-06-17 | A use-after-free issue exists in the DGN file-reading procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation… |
| CVE-2021-32936 | High | 7.8 | 2021-06-17 | An out-of-bounds write issue exists in the DXF file-recovering procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper v… |
| CVE-2021-32946 | High | 7.8 | 2021-06-17 | An improper check for unusual or exceptional conditions issue exists within the parsing DGN files from Drawings SDK (Version 2022.4 and prior) resulting from t… |
| CVE-2021-31784 | High | 7.8 | 2021-04-26 | An out-of-bounds write vulnerability exists in the file-reading procedure in Open Design Alliance Drawings SDK before 2021.6 on all supported by ODA platforms… |
| CVE-2021-25178 | High | 7.8 | 2021-01-18 | An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A stack-based buffer overflow vulnerability exists when the recover operation is r… |
| CVE-2021-25177 | High | 7.8 | 2021-01-18 | An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A Type Confusion issue exists when rendering malformed .DXF and .DWG files. This c… |
| CVE-2021-25176 | High | 7.8 | 2021-01-18 | An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A NULL pointer dereference exists when rendering malformed .DXF and .DWG files. Th… |
| CVE-2021-25175 | High | 7.8 | 2021-01-18 | An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A Type Conversion issue exists when rendering malformed .DXF and .DWG files. This… |
| CVE-2021-25174 | High | 7.8 | 2021-01-18 | An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory corruption vulnerability exists when reading malformed DGN files. It can… |
| CVE-2021-25173 | High | 7.8 | 2021-01-18 | An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory allocation with excessive size vulnerability exists when reading malforme… |