CVE-2023-24482

Summary

A vulnerability has been identified in COMOS V10.2 (All versions), COMOS V10.3.3.1 (All versions < V10.3.3.1.45), COMOS V10.3.3.2 (All versions < V10.3.3.2.33), COMOS V10.3.3.3 (All versions < V10.3.3.3.9), COMOS V10.3.3.4 (All versions < V10.3.3.4.6), COMOS V10.4.0.0 (All versions < V10.4.0.0.31), COMOS V10.4.1.0 (All versions < V10.4.1.0.32), COMOS V10.4.2.0 (All versions < V10.4.2.0.25). Cache validation service in COMOS is vulnerable to Structured Exception Handler (SEH) based buffer overflow. This could allow an attacker to execute arbitrary code on the target system or cause denial of service condition.

Affected Software

VendorProductVersion RangeStatus
SiemensCOMOS V10.2All versionsaffected
SiemensCOMOS V10.3.3.1All versions < V10.3.3.1.45affected
SiemensCOMOS V10.3.3.2All versions < V10.3.3.2.33affected
SiemensCOMOS V10.3.3.3All versions < V10.3.3.3.9affected
SiemensCOMOS V10.3.3.4All versions < V10.3.3.4.6affected
SiemensCOMOS V10.4.0.0All versions < V10.4.0.0.31affected
SiemensCOMOS V10.4.1.0All versions < V10.4.1.0.32affected
SiemensCOMOS V10.4.2.0All versions < V10.4.2.0.25affected

Weaknesses

  • CWE-120: CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References