Vulnerabilities > Siemens > Comos > High

DATE CVE VULNERABILITY TITLE RISK
2023-11-14 CVE-2023-43503 Cleartext Transmission of Sensitive Information vulnerability in Siemens Comos
A vulnerability has been identified in COMOS (All versions < V10.4.4).
network
low complexity
siemens CWE-319
7.5
7.5
2023-11-14 CVE-2023-46601 Unspecified vulnerability in Siemens Comos
A vulnerability has been identified in COMOS (All versions).
network
low complexity
siemens
7.5
7.5
2022-02-09 CVE-2021-37194 Unrestricted Upload of File with Dangerous Type vulnerability in Siemens Comos
A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used).
network
low complexity
siemens CWE-434
7.5
7.5
2022-01-11 CVE-2021-37197 SQL Injection vulnerability in Siemens Comos
A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used).
network
low complexity
siemens CWE-89
8.8
8.8
2022-01-11 CVE-2021-37198 Cross-Site Request Forgery (CSRF) vulnerability in Siemens Comos
A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used).
network
low complexity
siemens CWE-352
8.8
8.8
2021-06-17 CVE-2021-32936 An out-of-bounds write issue exists in the DXF file-recovering procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data.
local
low complexity
opendesign siemens
7.8
7.8
2021-06-17 CVE-2021-32938 Drawings SDK (All versions prior to 2022.4) are vulnerable to an out-of-bounds read due to parsing of DWG files resulting from the lack of proper validation of user-supplied data.
local
low complexity
opendesign siemens
7.1
7.1
2021-06-17 CVE-2021-32940 An out-of-bounds read issue exists in the DWG file-recovering procedure in the Drawings SDK (All versions prior to 2022.5) resulting from the lack of proper validation of user-supplied data.
local
low complexity
opendesign siemens
7.1
7.1
2021-06-17 CVE-2021-32944 Use After Free vulnerability in multiple products
A use-after-free issue exists in the DGN file-reading procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data.
local
low complexity
opendesign siemens CWE-416
7.8
7.8
2021-06-17 CVE-2021-32948 An out-of-bounds write issue exists in the DWG file-reading procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data.
local
low complexity
opendesign siemens
7.8
7.8