CVE-2021-37196 Information

Jun 07, 2022 cve

Description

A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used) COMOS V10.3 (All versions < V10.3.3.3 only if web components are used) COMOS V10.3 (All versions >= V10.3.3.3 only if web components are used) COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS unpacks specially crafted archive files to relative paths. This vulnerability could allow an attacker to store files in any folder accessible by the COMOS Web webservice.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Reference

https://cert-portal.siemens.com/productcert/pdf/ssa-995338.pdf

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

NONE

Base Severity

6.5

Share on: