CVE-2023-46601
First published: Tue Nov 14 2023(Updated: )
A vulnerability has been identified in COMOS (All versions). The affected application lacks proper access controls in making the SQLServer connection. This could allow an attacker to query the database directly to access information that the user should not have access to.
Credit: productcert@siemens.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Siemens COMOS |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2023-46601?
The severity of CVE-2023-46601 is critical with a severity value of 9.6.
What is the affected software for CVE-2023-46601?
The affected software for CVE-2023-46601 is Siemens COMOS.
What is the vulnerability description of CVE-2023-46601?
CVE-2023-46601 is a vulnerability in COMOS that lacks proper access controls in making the SQLServer connection, allowing attackers to query the database directly and access unauthorized information.
How can I fix CVE-2023-46601?
To fix CVE-2023-46601, it is recommended to apply the necessary updates or patches provided by Siemens.
Where can I find more information about CVE-2023-46601?
More information about CVE-2023-46601 can be found at the Siemens CERT-Portal website: https://cert-portal.siemens.com/productcert/pdf/ssa-137900.pdf
- collector/mitre-cve
- collector/nvd-api
- agent/weakness
- agent/event
- vendor/siemens
- canonical/siemens comos