var-202201-0867
Vulnerability from variot
A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.3 (All versions >= V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS unpacks specially crafted archive files to relative paths. This vulnerability could allow an attacker to store files in any folder accessible by the COMOS Web webservice. COMOS Exists in a past traversal vulnerability.Information may be tampered with. Siemens Comos is a plant engineering software solution from Siemens AG in Germany. For the process industry
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202201-0867", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "comos", "scope": "gte", "trust": 1.0, "vendor": "siemens", "version": "10.3" }, { "model": "comos", "scope": "lte", "trust": 1.0, "vendor": "siemens", "version": "10.2" }, { "model": "comos", "scope": "eq", "trust": 1.0, "vendor": "siemens", "version": "10.4" }, { "model": "comos", "scope": "lt", "trust": 1.0, "vendor": "siemens", "version": "10.3.3.3" }, { "model": "comos", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "10.4 that\u0027s all 10.4.1" }, { "model": "comos", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "10.3 that\u0027s all 10.3.3.3" }, { "model": "comos", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "10.2" }, { "model": "comos", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": null }, { "model": "comos", "scope": "eq", "trust": 0.8, "vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9", "version": "10.3" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-002938" }, { "db": "NVD", "id": "CVE-2021-37196" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:siemens:comos:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:comos:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.3.3.3", "versionStartIncluding": "10.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:siemens:comos:10.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-37196" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Sandro Poppi reported these vulnerabilities to Siemens.", "sources": [ { "db": "CNNVD", "id": "CNNVD-202201-863" } ], "trust": 0.6 }, "cve": "CVE-2021-37196", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "exploitabilityScore": 6.8, "impactScore": 2.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "Single", "author": "NVD", "availabilityImpact": "None", "baseScore": 3.5, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2021-37196", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Low", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "author": "VULHUB", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "exploitabilityScore": 6.8, "id": "VHN-399027", "impactScore": 2.9, "integrityImpact": "PARTIAL", "severity": "LOW", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "exploitabilityScore": 2.8, "impactScore": 3.6, "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 6.5, "baseSeverity": "Medium", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2021-37196", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "Low", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-37196", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202201-863", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-399027", "trust": 0.1, "value": "LOW" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-399027" }, { "db": "JVNDB", "id": "JVNDB-2022-002938" }, { "db": "NVD", "id": "CVE-2021-37196" }, { "db": "CNNVD", "id": "CNNVD-202201-863" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions \u003c V10.3.3.3 only if web components are used), COMOS V10.3 (All versions \u003e= V10.3.3.3 only if web components are used), COMOS V10.4 (All versions \u003c V10.4.1 only if web components are used). The COMOS Web component of COMOS unpacks specially crafted archive files to relative paths. This vulnerability could allow an attacker to store files in any folder accessible by the COMOS Web webservice. COMOS Exists in a past traversal vulnerability.Information may be tampered with. Siemens Comos is a plant engineering software solution from Siemens AG in Germany. For the process industry", "sources": [ { "db": "NVD", "id": "CVE-2021-37196" }, { "db": "JVNDB", "id": "JVNDB-2022-002938" }, { "db": "VULHUB", "id": "VHN-399027" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-37196", "trust": 3.3 }, { "db": "SIEMENS", "id": "SSA-995338", "trust": 1.7 }, { "db": "ICS CERT", "id": "ICSA-22-013-05", "trust": 1.4 }, { "db": "JVN", "id": "JVNVU98508242", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2022-002938", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-202201-863", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2022011801", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.0602", "trust": 0.6 }, { "db": "CNVD", "id": "CNVD-2022-02746", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-399027", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-399027" }, { "db": "JVNDB", "id": "JVNDB-2022-002938" }, { "db": "NVD", "id": "CVE-2021-37196" }, { "db": "CNNVD", "id": "CNNVD-202201-863" } ] }, "id": "VAR-202201-0867", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-399027" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T11:44:56.116000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SSA-995338", "trust": 0.8, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-995338.pdf" }, { "title": "Siemens Comos Repair measures for path traversal vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=181463" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-002938" }, { "db": "CNNVD", "id": "CNNVD-202201-863" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-22", "trust": 1.1 }, { "problemtype": "Path traversal (CWE-22) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "VULHUB", "id": "VHN-399027" }, { "db": "JVNDB", "id": "JVNDB-2022-002938" }, { "db": "NVD", "id": "CVE-2021-37196" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-995338.pdf" }, { "trust": 1.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-37196" }, { "trust": 0.8, "url": "https://jvn.jp/vu/jvnvu98508242/index.html" }, { "trust": 0.8, "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-013-05" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022011801" }, { "trust": 0.6, "url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-013-05" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0602" } ], "sources": [ { "db": "VULHUB", "id": "VHN-399027" }, { "db": "JVNDB", "id": "JVNDB-2022-002938" }, { "db": "NVD", "id": "CVE-2021-37196" }, { "db": "CNNVD", "id": "CNNVD-202201-863" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-399027" }, { "db": "JVNDB", "id": "JVNDB-2022-002938" }, { "db": "NVD", "id": "CVE-2021-37196" }, { "db": "CNNVD", "id": "CNNVD-202201-863" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-01-11T00:00:00", "db": "VULHUB", "id": "VHN-399027" }, { "date": "2023-01-31T00:00:00", "db": "JVNDB", "id": "JVNDB-2022-002938" }, { "date": "2022-01-11T12:15:09.880000", "db": "NVD", "id": "CVE-2021-37196" }, { "date": "2022-01-11T00:00:00", "db": "CNNVD", "id": "CNNVD-202201-863" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-04-30T00:00:00", "db": "VULHUB", "id": "VHN-399027" }, { "date": "2023-01-31T02:11:00", "db": "JVNDB", "id": "JVNDB-2022-002938" }, { "date": "2022-04-30T02:29:18.943000", "db": "NVD", "id": "CVE-2021-37196" }, { "date": "2022-05-05T00:00:00", "db": "CNNVD", "id": "CNNVD-202201-863" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202201-863" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "COMOS\u00a0 Past traversal vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2022-002938" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "path traversal", "sources": [ { "db": "CNNVD", "id": "CNNVD-202201-863" } ], "trust": 0.6 } }
Loading...