Description
The client application in Siemens COMOS before 9.1 Update 458, 9.2 before 9.2.0.6.37, and 10.0 before 10.0.3.0.19 allows local users to gain privileges and bypass intended database-operation restrictions by leveraging COMOS project access.
References (1)
Core References
Vendor Advisory x_refsource_confirm
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-970879.pdf
Scores
EPSS
0.0004
EPSS Percentile
13.8%
Details
CWE
CWE-264
Status
published
Products (3)
siemens/comos 9.1
siemens/comos 9.2
siemens/comos 10.0
Published
Aug 09, 2013
Tracked Since
Feb 18, 2026