Shodan
Vulnerabilities
Vulnerable Software
Siemens:  Security Vulnerabilities
CVE-2021-37196
A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.3 (All versions >= V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS unpacks specially crafted archive files to relative paths. This vulnerability could allow an attacker to store files in any folder accessible by the COMOS Web webservice.
CVSS Score
6.5
EPSS Score
0.003
Published
2022-01-11
CVE-2021-37197
A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS is vulnerable to SQL injections. This could allow an attacker to execute arbitrary SQL statements.
CVSS Score
8.8
EPSS Score
0.004
Published
2022-01-11
CVE-2021-37198
A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS uses a flawed implementation of CSRF prevention. An attacker could exploit this vulnerability to perform cross-site request forgery attacks.
CVSS Score
8.8
EPSS Score
0.001
Published
2022-01-11
CVE-2022-0155
follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor
CVSS Score
8.0
EPSS Score
0.013
Published
2022-01-10
CVE-2022-22826
nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVSS Score
8.8
EPSS Score
0.002
Published
2022-01-10
CVE-2022-22827
storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVSS Score
8.8
EPSS Score
0.003
Published
2022-01-10
CVE-2022-22822
addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVSS Score
9.8
EPSS Score
0.013
Published
2022-01-10
CVE-2022-22823
build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVSS Score
9.8
EPSS Score
0.004
Published
2022-01-10
CVE-2022-22824
defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVSS Score
9.8
EPSS Score
0.004
Published
2022-01-10
CVE-2022-22825
lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
CVSS Score
8.8
EPSS Score
0.002
Published
2022-01-10


Products
Pricing
Contact Us

Shodan ® - All rights reserved