CVE-2023-24482

CRITICAL

Siemens COMOS 10.2-10.3.3.1.45 - Buffer Overflow in Cache Validation Service

Title source: llm
STIX 2.1

Description

A vulnerability has been identified in COMOS V10.2 (All versions), COMOS V10.3.3.1 (All versions < V10.3.3.1.45), COMOS V10.3.3.2 (All versions < V10.3.3.2.33), COMOS V10.3.3.3 (All versions < V10.3.3.3.9), COMOS V10.3.3.4 (All versions < V10.3.3.4.6), COMOS V10.4.0.0 (All versions < V10.4.0.0.31), COMOS V10.4.1.0 (All versions < V10.4.1.0.32), COMOS V10.4.2.0 (All versions < V10.4.2.0.25). Cache validation service in COMOS is vulnerable to Structured Exception Handler (SEH) based buffer overflow. This could allow an attacker to execute arbitrary code on the target system or cause denial of service condition.

References (1)

Core 1

Scores

CVSS v3 10.0
EPSS 0.0081
EPSS Percentile 52.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-120
Status published
Products (1)
siemens/comos 10.2 - 10.3.3.1.45
Published Feb 14, 2023
Tracked Since Feb 18, 2026