As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
1. EXECUTIVE SUMMARY
- CVSS v4 5.9
- ATTENTION: Low Attack Complexity
- Vendor: Siemens
- Equipment: COMOS
- Vulnerabilities: Improper Restriction of XML External Entity Reference
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to extract arbitrary application files.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Siemens reports that the following products are affected:
- COMOS V10.4.0: All versions
- COMOS V10.4.1: All versions
- COMOS V10.4.2: All versions
- COMOS V10.4.3: Versions prior to V10.4.3.0.47
- COMOS V10.4.4: Versions prior to V10.4.4.2
- COMOS V10.4.4.1: Versions prior to V10.4.4.1.21
- COMOS V10.3: Versions prior to V10.3.3.5.8
3.2 Vulnerability Overview
3.2.1 IMPROPER RESTRICTION OF XML EXTERNAL ENTITY REFERENCE CWE-611
The Generic Data Mapper, the Engineering Adapter, and the Engineering Interface improperly handle XML External Entity (XXE) entries when parsing configuration and mapping files. This could allow an attacker to extract any file with a known location on the user’s system or accessible network folders by persuading a user to use a maliciously crafted configuration or mapping file in one of the affected components.
CVE-2024-49704 has been assigned to this vulnerability. A CVSS v3 base sco
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: