Siemens COMOS

31 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2023-46601
all versions
A vulnerability has been identified in COMOS (All versions). The affected application lacks proper access controls in making the S
9.6 CRITICAL
CVE-2023-43505
all versions
A vulnerability has been identified in COMOS (All versions). The affected application lacks proper access controls in SMB shares.
9.6 CRITICAL
CVE-2023-43504
< 10.4.4
A vulnerability has been identified in COMOS (All versions < V10.4.4). Ptmcast executable used for testing cache validation servic
9.6 CRITICAL
CVE-2023-43503
< 10.4.4
A vulnerability has been identified in COMOS (All versions < V10.4.4). Caching system in the affected application leaks sensitive
3.5 LOW
CVE-2023-24482
>= 10.2 and < 10.3.3.1.45
A vulnerability has been identified in COMOS V10.2 (All versions), COMOS V10.3.3.1 (All versions < V10.3.3.1.45), COMOS V10.3.3.2
10.0 CRITICAL
CVE-2021-37194
>= 10.3 and < 10.3.3.3
A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10
7.5 HIGH
CVE-2021-37198
<= 10.2
A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10
8.8 HIGH
CVE-2021-37197
<= 10.2
A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10
8.8 HIGH
CVE-2021-37196
<= 10.2
A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10
6.5 MEDIUM
CVE-2021-37195
<= 10.2
A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10
6.1 MEDIUM
CVE-2021-45046
all versions
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. T
9.0 CRITICAL
CVE-2021-44228
< 10.4.2
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration
10.0 CRITICAL
CVE-2021-32952
< 10.4.1
An out-of-bounds write issue exists in the DGN file-reading procedure in the Drawings SDK (Version 2022.4 and prior) resulting fro
7.8 HIGH
CVE-2021-32950
< 10.4.1
An out-of-bounds read issue exists within the parsing of DXF files in the Drawings SDK (All versions prior to 2022.4) resulting fr
7.1 HIGH
CVE-2021-32948
< 10.4.1
An out-of-bounds write issue exists in the DWG file-reading procedure in the Drawings SDK (All versions prior to 2022.4) resulting
7.8 HIGH
CVE-2021-32944
< 10.4.1
A use-after-free issue exists in the DGN file-reading procedure in the Drawings SDK (All versions prior to 2022.4) resulting from
7.8 HIGH
CVE-2021-32940
< 10.4.1
An out-of-bounds read issue exists in the DWG file-recovering procedure in the Drawings SDK (All versions prior to 2022.5) resulti
7.1 HIGH
CVE-2021-32938
< 10.4.1
Drawings SDK (All versions prior to 2022.4) are vulnerable to an out-of-bounds read due to parsing of DWG files resulting from the
7.1 HIGH
CVE-2021-32936
< 10.4.1
An out-of-bounds write issue exists in the DXF file-recovering procedure in the Drawings SDK (All versions prior to 2022.4) result
7.8 HIGH
CVE-2021-32946
< 10.4.1
An improper check for unusual or exceptional conditions issue exists within the parsing DGN files from Drawings SDK (Version 2022.
7.8 HIGH
CVE-2021-31784
< 10.4.1
An out-of-bounds write vulnerability exists in the file-reading procedure in Open Design Alliance Drawings SDK before 2021.6 on al
7.8 HIGH
CVE-2021-25178
< 10.4.1
An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A stack-based buffer overflow vulnerability exists wh
7.8 HIGH
CVE-2021-25177
< 10.4.1
An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A Type Confusion issue exists when rendering malforme
7.8 HIGH
CVE-2021-25176
< 10.4.1
An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A NULL pointer dereference exists when rendering malf
7.8 HIGH
CVE-2021-25175
< 10.4.1
An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A Type Conversion issue exists when rendering malform
7.8 HIGH
CVE-2021-25174
< 10.4.1
An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory corruption vulnerability exists when reading
7.8 HIGH
CVE-2021-25173
< 10.4.1
An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory allocation with excessive size vulnerability
7.8 HIGH
CVE-2013-6840
all versions
Siemens COMOS before 9.2.0.8.1, 10.0 before 10.0.3.1.40, and 10.1 before 10.1.0.0.2 allows local users to gain database privileges
CVE-2013-4943
all versions
The client application in Siemens COMOS before 9.1 Update 458, 9.2 before 9.2.0.6.37, and 10.0 before 10.0.3.0.19 allows local use
CVE-2013-3927
all versions
Unspecified vulnerability in the client library in Siemens COMOS 9.2 before 9.2.0.6.10 and 10.0 before 10.0.3.0.4 allows local use
CVE-2012-3009
<= 9.1
Siemens COMOS before 9.1 Patch 413, 9.2 before Update 03 Patch 023, and 10.0 before Patch 005 allows remote authenticated users to
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin