Описание
A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS is vulnerable to SQL injections. This could allow an attacker to execute arbitrary SQL statements.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 10.2 (включая)Версия от 10.3 (включая) до 10.3.3.3 (исключая)
Одно из
cpe:2.3:a:siemens:comos:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:comos:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:comos:10.4:*:*:*:*:*:*:*
EPSS
Процентиль: 63%
0.00436
Низкий
8.8 High
CVSS3
6 Medium
CVSS2
Дефекты
CWE-89
CWE-89
Связанные уязвимости
CVSS3: 8.8
github
почти 4 года назад
A vulnerability has been identified in COMOS (All versions < V10.4.1). The COMOS Web component of COMOS is vulnerable to SQL injections. This could allow an attacker to execute arbitrary SQL statements.
EPSS
Процентиль: 63%
0.00436
Низкий
8.8 High
CVSS3
6 Medium
CVSS2
Дефекты
CWE-89
CWE-89