Siemens Comos

31 CVEs affecting Siemens Comos. Latest disclosed: 2023-11-14. Critical: 6, High: 18.

Top CVEs affecting Siemens Comos
CVESeverityScorePublishedSummary
CVE-2023-24482Critical10.02023-02-14A vulnerability has been identified in COMOS V10.2 (All versions), COMOS V10.3.3.1 (All versions < V10.3.3.1.45), COMOS V10.3.3.2 (All versions < V10.3.3.2.33)…
CVE-2021-44228Critical10.02021-12-10Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameter…
CVE-2023-46601Critical9.62023-11-14A vulnerability has been identified in COMOS (All versions). The affected application lacks proper access controls in making the SQLServer connection. This cou…
CVE-2023-43505Critical9.62023-11-14A vulnerability has been identified in COMOS (All versions). The affected application lacks proper access controls in SMB shares. This could allow an attacker…
CVE-2023-43504Critical9.62023-11-14A vulnerability has been identified in COMOS (All versions < V10.4.4). Ptmcast executable used for testing cache validation service in affected application is…
CVE-2021-45046Critical9.02021-12-14It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers wi…
CVE-2021-37198High8.82022-01-11A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components…
CVE-2021-37197High8.82022-01-11A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components…
CVE-2021-32952High7.82021-06-17An out-of-bounds write issue exists in the DGN file-reading procedure in the Drawings SDK (Version 2022.4 and prior) resulting from the lack of proper validati…
CVE-2021-32948High7.82021-06-17An out-of-bounds write issue exists in the DWG file-reading procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper vali…
CVE-2021-32944High7.82021-06-17A use-after-free issue exists in the DGN file-reading procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation…
CVE-2021-32936High7.82021-06-17An out-of-bounds write issue exists in the DXF file-recovering procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper v…
CVE-2021-32946High7.82021-06-17An improper check for unusual or exceptional conditions issue exists within the parsing DGN files from Drawings SDK (Version 2022.4 and prior) resulting from t…
CVE-2021-31784High7.82021-04-26An out-of-bounds write vulnerability exists in the file-reading procedure in Open Design Alliance Drawings SDK before 2021.6 on all supported by ODA platforms…
CVE-2021-25178High7.82021-01-18An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A stack-based buffer overflow vulnerability exists when the recover operation is r…
CVE-2021-25177High7.82021-01-18An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A Type Confusion issue exists when rendering malformed .DXF and .DWG files. This c…
CVE-2021-25176High7.82021-01-18An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A NULL pointer dereference exists when rendering malformed .DXF and .DWG files. Th…
CVE-2021-25175High7.82021-01-18An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A Type Conversion issue exists when rendering malformed .DXF and .DWG files. This…
CVE-2021-25174High7.82021-01-18An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory corruption vulnerability exists when reading malformed DGN files. It can…
CVE-2021-25173High7.82021-01-18An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory allocation with excessive size vulnerability exists when reading malforme…