ICSA-13-347-01  ·  Published 2025-06-06

Siemens COMOS Privilege Escalation

CVSS 6.9 MEDIUM

CVEs (1)

Remediations

  • Siemens provides the following updates for COMOS Versions 9.2, 10.0 and 10.1 that resolve this vulnerability: COMOS 9.2: V092_Upd08_Patch001 (9.2.0.8.1); COMOS 10.0: V100_SP03_Upd01_Patch040 (10.0.3.1.40); COMOS 10.1: V101_Patch002 (10.1.0.0.2).
  • Siemens recommends installing the updates as soon as possible. These updates are available at the Siemens customer support site: http://support.automation.siemens.com/WW/view/en/16605032
  • For further information, see the description and release notes in the Siemens Security Advisory: http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-568732.pdf
  • Users of older versions of COMOS should upgrade to the supported versions.
  • As a further mitigation measure, Siemens strongly recommends protecting the Windows systems against unauthorized access with appropriate measures.
  • In general, Siemens strongly recommends protecting systems according to recommended security practices and configuring the environment according to operational guidelines in order to run the affected software components in a protected IT environment.

Affected Vendors

Siemens

Affected Products (4)

Siemens · COMOS <9.2
Siemens · COMOS 9.2 <V092_Upd08_Patch001_9.2.0.8.1
Siemens · COMOS 10.0 <V100_SP03_Upd01_Patch040_10.0.3.1.40
Siemens · COMOS 10.1 <V101_Patch002_10.1.0.0.2
