SSA-155599 V1.0: File Parsing Vulnerabilities in COMOS

Risk Summary

<p>COMOS uses Drawings SDK from Open Design Alliance that is affected by multiple vulnerabilities that could be triggered when the application reads files in DGN, DXF or DWG file formats. If a user is tricked to open a malicious file with the affected application, an attacker could leverage the vulnerability to leak information or potentially perform remote code execution in the context of the current process.</p> <p>Siemens has released an update for the COMOS and recommends to update to the latest version.</p>

Remediations

• Refer to Siemens ProductCERT advisory for patch and remediation guidance.

Affected Vendors

Affected Products (1)