PT-2022-10639 · Siemens · Comos

Published: 2022-01-11 · Updated: 2022-04-29 · CVE-2021-37195

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
COMOS versions V10.2 through V10.4.1, but only if web components are used, specifically:
- COMOS V10.2
- COMOS versions V10.3 through V10.3.3.2
- COMOS versions V10.4 through V10.4.0

Description
A vulnerability has been identified in the COMOS Web component, which accepts arbitrary code as an attachment to tasks. This could allow an attacker to inject malicious code that is executed when the attachment is loaded.

Recommendations
For all affected versions (COMOS V10.2, COMOS V10.3 through V10.3.3.2, and COMOS V10.4 through V10.4.0), consider disabling the web component until a patch is available.
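A defensive illustration, added here and not part of the advisory or of Siemens' COMOS code: the description says the web component executes an attachment's contents when it is loaded, which is the stored-XSS-via-upload pattern. The example below shows how an application can serve task attachments so the browser treats them as opaque downloads rather than active content, combining a forced Content-Disposition/nosniff policy with a content-type coercion that ignores the client-declared type. The function names, the marker regular expression and the sample uploads are assumptions constructed for the example.

```python
"""
Added example (not COMOS code): serve user-uploaded task attachments so that a
browser never renders or executes them in the application's origin.
Two independent controls are applied:
  1. Every attachment is served with Content-Disposition: attachment and
     X-Content-Type-Options: nosniff, so the browser downloads instead of rendering.
  2. "Active" MIME types (HTML, SVG, XML, JavaScript) are coerced to
     application/octet-stream, using the extension and a byte-level sniff, and
     never the client-declared type.
All names and the sample uploads are constructed for illustration.
"""
import mimetypes
import re
from typing import Dict, List, Tuple

# Content types a browser would render or execute in-page if served from the
# application's origin; any of these turns an upload into stored XSS.
ACTIVE_TYPES = {
    "text/html", "application/xhtml+xml", "image/svg+xml", "text/xml",
    "application/xml", "text/javascript", "application/javascript",
    "application/x-javascript",
}

# Markup/script markers that identify active content regardless of extension
# (assumed set; extend as needed for the deployment).
_ACTIVE_MARKERS = re.compile(rb"<\s*(script|html|svg|!doctype\s+html)", re.IGNORECASE)


def sniff_is_active(data: bytes) -> bool:
    """Cheap content check on the leading bytes: does this look like markup or script?"""
    return bool(_ACTIVE_MARKERS.search(data[:1024]))


def safe_filename(name: str) -> str:
    """Drop path components and characters that could break the header or the filesystem."""
    base = name.replace("\\", "/").split("/")[-1]
    base = re.sub(r"[^A-Za-z0-9._-]", "_", base)
    return base or "attachment"


def attachment_headers(filename: str, data: bytes) -> Dict[str, str]:
    """Build response headers for downloading an attachment as an opaque blob.

    The content type is derived from the sanitized extension only; anything the
    client declared is ignored. Active types, or bytes that look active, are
    downgraded to application/octet-stream.
    """
    safe = safe_filename(filename)
    guessed, _ = mimetypes.guess_type(safe)
    ctype = (guessed or "application/octet-stream").split(";")[0].strip().lower()
    if ctype in ACTIVE_TYPES or sniff_is_active(data):
        ctype = "application/octet-stream"
    return {
        "Content-Type": ctype,
        "Content-Disposition": f'attachment; filename="{safe}"',
        "X-Content-Type-Options": "nosniff",
        # Even if a browser ignored the disposition, a sandboxed CSP blocks scripts.
        "Content-Security-Policy": "sandbox",
        "Cache-Control": "no-store",
    }


def demo() -> List[Tuple[str, str]]:
    """Run the policy over constructed sample uploads; returns (filename, Content-Type)."""
    samples = [
        ("report.pdf", b"%PDF-1.7 sample"),                      # constructed
        ("notes.html", b"<html><body>hi</body></html>"),         # constructed
        ("innocent.txt", b"<script>alert(1)</script>"),          # constructed, mislabelled
        ("../../etc/passwd", b"root:x:0:0"),                     # constructed path trick
    ]
    return [(name, attachment_headers(name, data)["Content-Type"]) for name, data in samples]


if __name__ == "__main__":
    for name, ctype in demo():
        print(f"{name!r:22} -> {ctype}")
```

The byte sniff exists because an attacker controls both the filename and the body: a `.txt` upload that actually contains HTML would otherwise be served as `text/plain`, which is safe only as long as `nosniff` is honoured, so the downgrade makes the two controls independent of each other.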

Fix

XSS


Weakness Enumeration

Related Identifiers: CVE-2021-37195

Affected Products: Comos