A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.3 (All versions >= V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS unpacks specially crafted archive files to relative paths. This vulnerability could allow an attacker to store files in any folder accessible by the COMOS Web webservice.
References
Link | Resource |
---|---|
https://cert-portal.siemens.com/productcert/pdf/ssa-995338.pdf | Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: siemens
Published: 2022-01-11T11:27:13
Updated: 2022-04-12T09:07:15
Reserved: 2021-07-21T00:00:00
Link: CVE-2021-37196
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-01-11T12:15:09.880
Modified: 2022-04-30T02:29:18.943
Link: CVE-2021-37196
JSON object: View
Redhat Information
No data.