PT-2022-10640 · Siemens · Comos

Published: 2022-01-11 · Updated: 2022-04-30 · CVE-2021-37196

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

COMOS versions prior to 10.4.1

Description

A vulnerability has been identified in the COMOS Web component, which unpacks specially crafted archive files to relative paths. This could allow an attacker to store files in any folder accessible by the COMOS Web webservice.

Recommendations

For COMOS versions prior to 10.4.1, update to version 10.4.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the COMOS Web component to minimize the risk of exploitation.

Fix

Relative Path Traversal

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2021-37196

Affected Products

Comos