Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
A vulnerability has been identified in COMOS V10.3 (All versions < V10.3.3.5.8), COMOS V10.4.0 (All versions), COMOS V10.4.1 (All versions), COMOS V10.4.2 (All versions), COMOS V10.4.3 (All versions < V10.4.3.0.47), COMOS V10.4.4 (All versions < V10.4.4.2), COMOS V10.4.4.1 (All versions < V10.4.4.1.21). The PDMS/E3D Engineering Interface improperly handles XML External Entity (XXE) entries when communicating with an external application. This could allow an attacker to extract any file with a known location on the user's system or accessible network folders by injecting malicious data into the communication channel between the two systems.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
Improper Restriction of XML External Entity Reference (XXE)
Vulnerability Title
Siemens Comos Code Issue Vulnerability
Vulnerability Description
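Siemens Comos is a plant engineering software solution from Siemens of Germany, used in the process industry. Siemens Comos has a code issue vulnerability, which stems from the PDMS/E3D Engineering Interface improperly handling XML External Entity (XXE) entries when communicating with an external application. An attacker can exploit this vulnerability to extract any file with a known location on the user's system or in accessible network folders by injecting malicious data into the communication channel between the two systems.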
CVSS Information
N/A
Vulnerability Type
N/A