CVE-2021-37198

Summary

A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS uses a flawed implementation of CSRF prevention. An attacker could exploit this vulnerability to perform cross-site request forgery attacks.

Affected Software

VendorProductVersion RangeStatus
SiemensCOMOS V10.2All versions only if web components are usedaffected
SiemensCOMOS V10.3All versions < V10.3.3.3 only if web components are usedaffected
SiemensCOMOS V10.4All versions < V10.4.1 only if web components are usedaffected

Weaknesses

  • CWE-352: CWE-352: Cross-Site Request Forgery (CSRF)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References