ICSA-23-320-09  ·  Published 2023-11-14  ·  View on CISA ICS-CERT ↗

Siemens COMOS

CVSS 9.8 CRITICAL

Remediations

  • Ensure all files imported into COMOS originate from a trusted source and are transmitted over secure channels
  • Update to V10.4.4 or later version
  • For CVE-2023-43503, update to V10.4.4 or later version and update the COMOS database to version 25. (See “Data maintenance: Modifying the version” in the user manual. Warning: After the update, the database cannot be used by older COMOS versions)
  • For CVE-2023-43504, delete ptmcast.exe from the bin folder of the COMOS installation directory. Installations of COMOS V10.4.4 or later do not contain ptmcast.exe
  • For CVE-2023-43505 and CVE-2023-46601: Use an application server like Citrix, which builds an additional layer of access control around COMOS. The file share with the documents folder and the database should be accessible only by the application server. Further recommendations can be found in the COMOS manual “Security-relevant configuration” in the COMOS documentation (https://support.industry.siemens.com/cs/document/109823629/)
  • Currently no fix is planned

Affected Vendors

Siemens

Affected Products (2)

Siemens · COMOS <V10.4.4
Siemens · COMOS vers:all/*

Affected Sectors

Multiple
