PT-2022-10638 · Siemens · Comos
Published 2022-02-09 · Updated 2022-05-13 · CVE-2021-37194
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
COMOS version 10.2 (if web components are used)
COMOS versions 10.3 through 10.3.3.2 (if web components are used)
COMOS versions 10.4 through 10.4.0 (if web components are used)
Description
A vulnerability has been identified in the COMOS Web component that allows an attacker to upload and store arbitrary files on the web server. This could enable an attacker to store malicious files.
Recommendations
For COMOS version 10.2, update to a version where web components are not used or ensure proper validation of uploaded files.
For COMOS versions 10.3 through 10.3.3.2, update to version 10.3.3.3 or later, or ensure proper validation of uploaded files.
For COMOS versions 10.4 through 10.4.0, update to version 10.4.1 or later, or ensure proper validation of uploaded files.
As a temporary workaround, consider disabling the web component until a patch is available.
Fix
Unrestricted File Upload
Weakness Enumeration
Related Identifiers
Affected Products
Comos