ICSA-13-233-01  ·  Published 2025-06-06

Siemens COMOS Privilege Escalation Vulnerability

CVSS 7.2 HIGH

CVEs (1)

Remediations

  • Siemens provides the following updates for COMOS versions 9.1, 9.2, and 10.0 that resolve this vulnerability: for COMOS v9.1, use patch LyraUpdate458 (Update 458); for COMOS v9.2, use patch V092_Upd06_Patch037 (9.2.0.6.37); for COMOS v10.0, use patch V100_SP03_Patch019 (10.0.3.0.19).
  • The updates are available at the Siemens customer support site: http://support.automation.siemens.com/WW/view/en/77990225
  • For further information, see the description and release notes in the Siemens Security Advisory: http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-970879.pdf

Affected Vendors

Siemens

Affected Products (4)

Siemens · COMOS <9.1
Siemens · COMOS 9.1 <LyraUpdate458_Update_458
Siemens · COMOS 9.2 <V092_Upd06_Patch037_9.2.0.6.37
Siemens · COMOS 10.0 <V100_SP03_Patch019_10.0.3.0.19
