Lucene search

SiemensCVELIST:CVE-2021-37194

HistoryFeb 09, 2022 - 3:16 p.m.

CVE-2021-37194

2022-02-0915:16:48

CWE-434

siemens

www.cve.org

cve-2021-37194

comos

web component

file upload

malicious files

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

31.8%

JSON

A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS allows to upload and store arbitrary files at the webserver. This could allow an attacker to store malicious files.

CNA Affected

[
  {
    "product": "COMOS V10.2",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions only if web components are used"
      }
    ]
  },
  {
    "product": "COMOS V10.3",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V10.3.3.3 only if web components are used"
      }
    ]
  },
  {
    "product": "COMOS V10.4",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions < V10.4.1 only if web components are used"
      }
    ]
  }
]

References

cert-portal.siemens.com/productcert/pdf/ssa-995338.pdf