PT-2022-10642 · Siemens · Comos

Published: 2022-01-11 · Updated: 2022-04-30 · CVE-2021-37198
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
COMOS V10.2 through V10.4.0, but only if web components are used, specifically:
COMOS V10.2
COMOS V10.3 through V10.3.3.2
COMOS V10.4 through V10.4.0
Description
A vulnerability has been identified in the COMOS Web component, which uses a flawed implementation of CSRF prevention. An attacker could exploit this to perform cross-site request forgery attacks: a user who is logged in to COMOS Web and is lured to an attacker-controlled page can have state-changing requests issued in their name. The vector's PR:N and UI:R reflect that the attacker needs no account of their own, only the victim's interaction; the installation is not affected if web components are not used.
Recommendations
For COMOS V10.2, update to a version that includes the fixed web component, or ensure web components are not used.
For COMOS V10.3 through V10.3.3.2, update to V10.3.3.3 or later, or ensure web components are not used.
For COMOS V10.4 through V10.4.0, update to V10.4.1 or later, or ensure web components are not used.
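The advisory does not say how the COMOS Web CSRF prevention is flawed, so the following is a generic illustration added to this entry, not COMOS code and not a description of the actual defect. It places one common flawed pattern (the server only checks that some token field is present) beside a hardened synchronizer-token check that binds the token to the session, compares it in constant time and additionally verifies the browser-supplied Origin/Referer. The Session and Request classes, the SITE_ORIGIN value and the request samples are constructed for the example.

```python
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed models of a server-side session and an incoming HTTP request
# (illustrative only; not the COMOS Web data model).
@dataclass
class Session:
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


@dataclass
class Request:
    method: str
    headers: dict
    form: dict


SITE_ORIGIN = "https://comos-web.example"   # assumed origin of the protected app
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}   # read-only methods need no CSRF token


def weak_csrf_check(session: Session, req: Request) -> bool:
    """Flawed pattern: accepts any non-empty token. The value is never compared
    with the session, so an attacker's page can simply include a made-up token."""
    if req.method in SAFE_METHODS:
        return True
    return bool(req.form.get("csrf_token"))


def hardened_csrf_check(session: Session, req: Request) -> bool:
    """Synchronizer-token pattern plus an Origin/Referer check, failing closed."""
    if req.method in SAFE_METHODS:
        return True
    # 1. The token must equal the per-session secret; compare in constant time
    #    on bytes so attacker-supplied non-ASCII input cannot raise TypeError.
    supplied = req.form.get("csrf_token") or req.headers.get("X-CSRF-Token", "")
    if not hmac.compare_digest(supplied.encode(), session.csrf_token.encode()):
        return False
    # 2. Browsers send Origin (or at least Referer) on cross-site POSTs; it must
    #    name this site. A missing header is treated as a failure, not a pass.
    origin = req.headers.get("Origin") or req.headers.get("Referer", "")
    if not origin:
        return False
    return origin == SITE_ORIGIN or origin.startswith(SITE_ORIGIN + "/")


def demo() -> dict:
    """Runs both checks over a legitimate request and two forged ones.
    Returns {case: (weak_result, hardened_result)}."""
    session = Session()
    legit = Request("POST", {"Origin": SITE_ORIGIN},
                    {"csrf_token": session.csrf_token, "action": "delete"})
    forged_no_token = Request("POST", {"Origin": "https://attacker.example"},
                              {"action": "delete"})
    forged_any_token = Request("POST", {"Origin": "https://attacker.example"},
                               {"csrf_token": "anything", "action": "delete"})
    leaked_token_foreign_origin = Request("POST", {"Origin": "https://attacker.example"},
                                          {"csrf_token": session.csrf_token, "action": "delete"})
    return {
        "legit": (weak_csrf_check(session, legit), hardened_csrf_check(session, legit)),
        "forged_no_token": (weak_csrf_check(session, forged_no_token),
                            hardened_csrf_check(session, forged_no_token)),
        "forged_any_token": (weak_csrf_check(session, forged_any_token),
                             hardened_csrf_check(session, forged_any_token)),
        "leaked_token_foreign_origin": (weak_csrf_check(session, leaked_token_foreign_origin),
                                        hardened_csrf_check(session, leaked_token_foreign_origin)),
    }


if __name__ == "__main__":
    for case, (weak, hardened) in demo().items():
        print(f"{case:28s} weak={weak} hardened={hardened}")
```

The forged_any_token case is the one that separates the two: a presence-only check passes it, the session-bound comparison does not. When testing a deployment, the equivalent manual check is to replay a state-changing request from a foreign origin with the token removed or replaced and confirm the server rejects it.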

Fix

CSRF


Related Identifiers

CVE-2021-37198

Affected Products

Comos