CVE-2023-24482
CRITICALSiemens COMOS 10.2-10.3.3.1.45 - Buffer Overflow in Cache Validation Service
Title source: llmDescription
A vulnerability has been identified in COMOS V10.2 (All versions), COMOS V10.3.3.1 (All versions < V10.3.3.1.45), COMOS V10.3.3.2 (All versions < V10.3.3.2.33), COMOS V10.3.3.3 (All versions < V10.3.3.3.9), COMOS V10.3.3.4 (All versions < V10.3.3.4.6), COMOS V10.4.0.0 (All versions < V10.4.0.0.31), COMOS V10.4.1.0 (All versions < V10.4.1.0.32), COMOS V10.4.2.0 (All versions < V10.4.2.0.25). Cache validation service in COMOS is vulnerable to Structured Exception Handler (SEH) based buffer overflow. This could allow an attacker to execute arbitrary code on the target system or cause denial of service condition.
References (1)
Core 1
Core References
Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-693110.pdf
Scores
CVSS v3
10.0
EPSS
0.0081
EPSS Percentile
52.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-120
Status
published
Products (1)
siemens/comos
10.2 - 10.3.3.1.45
Published
Feb 14, 2023
Tracked Since
Feb 18, 2026