Vulnerabilities > Siemens > Comos > 10.3

DATE CVE VULNERABILITY TITLE RISK
2023-11-14 CVE-2023-43503 Cleartext Transmission of Sensitive Information vulnerability in Siemens Comos
A vulnerability has been identified in COMOS (All versions < V10.4.4).
network
low complexity
siemens CWE-319
7.5
2023-11-14 CVE-2023-43504 Unspecified vulnerability in Siemens Comos
A vulnerability has been identified in COMOS (All versions < V10.4.4).
network
low complexity
siemens
critical
9.8
2023-02-14 CVE-2023-24482 Unspecified vulnerability in Siemens Comos
A vulnerability has been identified in COMOS V10.2 (All versions), COMOS V10.3.3.1 (All versions < V10.3.3.1.45), COMOS V10.3.3.2 (All versions < V10.3.3.2.33), COMOS V10.3.3.3 (All versions < V10.3.3.3.9), COMOS V10.3.3.4 (All versions < V10.3.3.4.6), COMOS V10.4.0.0 (All versions < V10.4.0.0.31), COMOS V10.4.1.0 (All versions < V10.4.1.0.32), COMOS V10.4.2.0 (All versions < V10.4.2.0.25).
network
low complexity
siemens
critical
9.8
2022-02-09 CVE-2021-37194 Unrestricted Upload of File with Dangerous Type vulnerability in Siemens Comos
A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used).
network
low complexity
siemens CWE-434
7.5
2022-01-11 CVE-2021-37195 Cross-site Scripting vulnerability in Siemens Comos
A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used).
network
low complexity
siemens CWE-79
6.1
2022-01-11 CVE-2021-37196 Path Traversal vulnerability in Siemens Comos
A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.3 (All versions >= V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used).
network
low complexity
siemens CWE-22
6.5
2022-01-11 CVE-2021-37197 SQL Injection vulnerability in Siemens Comos
A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used).
network
low complexity
siemens CWE-89
8.8
2022-01-11 CVE-2021-37198 Cross-Site Request Forgery (CSRF) vulnerability in Siemens Comos
A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used).
network
low complexity
siemens CWE-352
8.8
2021-12-10 CVE-2021-44228 Deserialization of Untrusted Data vulnerability in multiple products
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints.
10.0
2021-06-17 CVE-2021-32936 An out-of-bounds write issue exists in the DXF file-recovering procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data.
local
low complexity
opendesign siemens
7.8