Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A vulnerability has been identified in COMOS V10.3 (All versions < V10.3.3.5.8), COMOS V10.4.0 (All versions), COMOS V10.4.1 (All versions), COMOS V10.4.2 (All versions), COMOS V10.4.3 (All versions < V10.4.3.0.47), COMOS V10.4.4 (All versions < V10.4.4.2), COMOS V10.4.4.1 (All versions < V10.4.4.1.21). The Generic Data Mapper, the Engineering Adapter, and the Engineering Interface improperly handle XML External Entity (XXE) entries when parsing configuration and mapping files. This could allow an attacker to extract any file with a known location on the user's system or accessible network folders by persuading a user to use a maliciously crafted configuration or mapping file in one of the affected components.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Vulnerability Type
XML外部实体引用的不恰当限制(XXE)
Vulnerability Title
Siemens Comos 代码问题漏洞
Vulnerability Description
Siemens Comos是德国西门子(Siemens)公司的一个工厂工程软件解决方案。用于过程工业。 Siemens Comos存在代码问题漏洞,该漏洞源于通用数据映射器、工程适配器和工程接口在解析配置和映射文件时不正确地处理XML外部实体(XXE)条目。攻击者利用该漏洞可以通过诱使用户在受影响的组件之一中使用恶意制作的配置或映射文件来提取用户系统或可访问网络文件夹中具有已知位置的任何文件。
CVSS Information
N/A
Vulnerability Type
N/A