ICSA-22-013-05 · Published 2025-05-06
Siemens COMOS Web (Update A)
CVSS 8.8 (HIGH)
Remediations
- Currently no fix is planned
- Update to V10.3.3.3 or later version
- Update to V10.4.1 or later version
- For COMOS V10.4.1 / V10.3.3.3 and CVE-2021-37194: Use the new whitelisting feature to specify the file types that are allowed to be uploaded
- CVE-2021-37196 can be mitigated in all versions by making the root directory of the web server read-only
Affected Vendors
Siemens
Affected Products (4)
- Siemens · COMOS V10.2 · All_versions_only_if_web_components_are_used
- Siemens · COMOS V10.3 · <V10.3.3.3_only_if_web_components_are_used
- Siemens · COMOS V10.3 · >=V10.3.3.3_only_if_web_components_are_used
- Siemens · COMOS V10.4 · <V10.4.1_only_if_web_components_are_used
Affected Sectors
Multiple