CVE-2023-24482
CVSS V2 None
CVSS V3 None
Description
A vulnerability has been identified in COMOS V10.2 (All versions), COMOS V10.3.3.1 (All versions < V10.3.3.1.45), COMOS V10.3.3.2 (All versions < V10.3.3.2.33), COMOS V10.3.3.3 (All versions < V10.3.3.3.9), COMOS V10.3.3.4 (All versions < V10.3.3.4.6), COMOS V10.4.0.0 (All versions < V10.4.0.0.31), COMOS V10.4.1.0 (All versions < V10.4.1.0.32), COMOS V10.4.2.0 (All versions < V10.4.2.0.25). Cache validation service in COMOS is vulnerable to Structured Exception Handler (SEH) based buffer overflow. This could allow an attacker to execute arbitrary code on the target system or cause denial of service condition.
Overview
- CVE ID
- CVE-2023-24482
- Assigner
- productcert@siemens.com
- Vulnerability Status
- Analyzed
- Published Version
- 2023-02-14T11:15:14
- Last Modified Date
- 2023-02-22T15:43:48
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:siemens:comos:*:*:*:*:*:*:*:* | 1 | OR | 10.2 | 10.3.3.1.45 |
| cpe:2.3:a:siemens:comos:*:*:*:*:*:*:*:* | 1 | OR | 10.3.3.2 | 10.3.3.2.33 |
| cpe:2.3:a:siemens:comos:*:*:*:*:*:*:*:* | 1 | OR | 10.3.3.3 | 10.3.3.3.9 |
| cpe:2.3:a:siemens:comos:*:*:*:*:*:*:*:* | 1 | OR | 10.3.3.4 | 10.3.3.4.6 |
| cpe:2.3:a:siemens:comos:*:*:*:*:*:*:*:* | 1 | OR | 10.4.0.0 | 10.4.0.0.31 |
| cpe:2.3:a:siemens:comos:*:*:*:*:*:*:*:* | 1 | OR | 10.4.1.0 | 10.4.1.0.32 |
| cpe:2.3:a:siemens:comos:*:*:*:*:*:*:*:* | 1 | OR | 10.4.2.0 | 10.4.2.0.25 |
References
| Reference URL | Reference Tags |
|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-693110.pdf | Vendor Advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-24482 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24482 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2023-04-17 07:41:10 | Added to TrackCVE | |||
| 2023-04-17 07:41:11 | Weakness Enumeration | new |