Vulnerabilities > Siemens > Comos > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-14 | CVE-2023-43505 | Improper Access Control vulnerability in Siemens Comos A vulnerability has been identified in COMOS (All versions). | 6.5 |
| 2022-02-09 | CVE-2021-37194 | Unrestricted Upload of File with Dangerous Type vulnerability in Siemens Comos A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). | 5.0 |
| 2022-01-11 | CVE-2021-37197 | SQL Injection vulnerability in Siemens Comos A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). | 6.0 |
| 2022-01-11 | CVE-2021-37198 | Cross-Site Request Forgery (CSRF) vulnerability in Siemens Comos A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). | 5.1 |
| 2021-06-17 | CVE-2021-32944 | Use After Free vulnerability in multiple products A use-after-free issue exists in the DGN file-reading procedure in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. | 6.8 |
| 2021-06-17 | CVE-2021-32950 | Out-of-bounds Read vulnerability in multiple products An out-of-bounds read issue exists within the parsing of DXF files in the Drawings SDK (All versions prior to 2022.4) resulting from the lack of proper validation of user-supplied data. | 5.8 |
| 2021-06-17 | CVE-2021-32952 | Out-of-bounds Write vulnerability in multiple products An out-of-bounds write issue exists in the DGN file-reading procedure in the Drawings SDK (Version 2022.4 and prior) resulting from the lack of proper validation of user-supplied data. | 6.8 |
| 2021-06-17 | CVE-2021-32946 | Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products An improper check for unusual or exceptional conditions issue exists within the parsing DGN files from Drawings SDK (Version 2022.4 and prior) resulting from the lack of proper validation of the user-supplied data. | 6.8 |
| 2021-04-26 | CVE-2021-31784 | Out-of-bounds Write vulnerability in multiple products An out-of-bounds write vulnerability exists in the file-reading procedure in Open Design Alliance Drawings SDK before 2021.6 on all supported by ODA platforms in static configuration. | 6.8 |
| 2021-01-18 | CVE-2021-25178 | Out-of-bounds Write vulnerability in multiple products An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. | 6.8 |