CVE-2021-37196: Path Traversal
First published: Tue Jan 11 2022(Updated: )
A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.3 (All versions >= V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS unpacks specially crafted archive files to relative paths. This vulnerability could allow an attacker to store files in any folder accessible by the COMOS Web webservice.
Credit: productcert@siemens.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Siemens COMOS | <=10.2 | |
| Siemens COMOS | >=10.3<10.3.3.3 | |
| Siemens COMOS | =10.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2021-37196?
CVE-2021-37196 is a vulnerability identified in COMOS V10.2, COMOS V10.3, and COMOS V10.4 if web components are used.
What is the severity of CVE-2021-37196?
The severity of CVE-2021-37196 is medium (CVSS score 6.5).
Which versions of COMOS are affected by CVE-2021-37196?
COMOS V10.2, COMOS V10.3 (< V10.3.3.3), and COMOS V10.4 (< V10.4.1) are affected by CVE-2021-37196 if web components are used.
How can I fix CVE-2021-37196?
Apply the necessary updates or patches provided by Siemens to fix CVE-2021-37196.
Is there any additional information about CVE-2021-37196?
For more information about CVE-2021-37196, you can refer to the reference link: https://cert-portal.siemens.com/productcert/pdf/ssa-995338.pdf
- collector/nvd-index
- agent/author
- agent/severity
- agent/references
- agent/weakness
- agent/description
- agent/type
- agent/event
- agent/last-modified-date
- agent/remedy
- agent/tags
- vendor/siemens
- canonical/siemens comos
- version/siemens comos/10.2
- version/siemens comos/10.3
- version/siemens comos/10.4