cnvd - cnvd-2024-47912

cnvd-2024-47912

Vulnerability from cnvd

Title: Siemens COMOS XXE注入漏洞

Description:

COMOS是一个用于协同工厂设计、运营和管理的统一数据平台，支持在整个工厂生命周期内收集、处理、保存和分发信息。

Siemens COMOS存在XXE注入漏洞，攻击者可利用该漏洞通过说服用户在受影响的组件之一中使用恶意构建的配置或映射文件，提取用户系统上已知位置或可访问网络文件夹上的任何文件。

Severity: 中

Patch Name: Siemens COMOS XXE注入漏洞的补丁

Patch Description:

COMOS是一个用于协同工厂设计、运营和管理的统一数据平台，支持在整个工厂生命周期内收集、处理、保存和分发信息。

Siemens COMOS存在XXE注入漏洞，攻击者可利用该漏洞通过说服用户在受影响的组件之一中使用恶意构建的配置或映射文件，提取用户系统上已知位置或可访问网络文件夹上的任何文件。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

用户可参考如下供应商提供的安全公告获得补丁信息： https://cert-portal.siemens.com/productcert/html/ssa-701627.html

Reference: https://cert-portal.siemens.com/productcert/html/ssa-701627.html

Impacted products

Name
['Siemens COMOS V10.3 <V10.3.3.5.8', 'Siemens COMOS V10.4.0', 'Siemens COMOS V10.4.1', 'Siemens COMOS V10.4.2', 'Siemens COMOS V10.4.3 <V10.4.3.0.47', 'Siemens COMOS V10.4.4 <V10.4.4.2', 'Siemens COMOS V10.4.4.1 <V10.4.4.1.21']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-49704"
    }
  },
  "description": "COMOS\u662f\u4e00\u4e2a\u7528\u4e8e\u534f\u540c\u5de5\u5382\u8bbe\u8ba1\u3001\u8fd0\u8425\u548c\u7ba1\u7406\u7684\u7edf\u4e00\u6570\u636e\u5e73\u53f0\uff0c\u652f\u6301\u5728\u6574\u4e2a\u5de5\u5382\u751f\u547d\u5468\u671f\u5185\u6536\u96c6\u3001\u5904\u7406\u3001\u4fdd\u5b58\u548c\u5206\u53d1\u4fe1\u606f\u3002\n\nSiemens COMOS\u5b58\u5728XXE\u6ce8\u5165\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u8bf4\u670d\u7528\u6237\u5728\u53d7\u5f71\u54cd\u7684\u7ec4\u4ef6\u4e4b\u4e00\u4e2d\u4f7f\u7528\u6076\u610f\u6784\u5efa\u7684\u914d\u7f6e\u6216\u6620\u5c04\u6587\u4ef6\uff0c\u63d0\u53d6\u7528\u6237\u7cfb\u7edf\u4e0a\u5df2\u77e5\u4f4d\u7f6e\u6216\u53ef\u8bbf\u95ee\u7f51\u7edc\u6587\u4ef6\u5939\u4e0a\u7684\u4efb\u4f55\u6587\u4ef6\u3002",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://cert-portal.siemens.com/productcert/html/ssa-701627.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2024-47912",
  "openTime": "2024-12-12",
  "patchDescription": "COMOS\u662f\u4e00\u4e2a\u7528\u4e8e\u534f\u540c\u5de5\u5382\u8bbe\u8ba1\u3001\u8fd0\u8425\u548c\u7ba1\u7406\u7684\u7edf\u4e00\u6570\u636e\u5e73\u53f0\uff0c\u652f\u6301\u5728\u6574\u4e2a\u5de5\u5382\u751f\u547d\u5468\u671f\u5185\u6536\u96c6\u3001\u5904\u7406\u3001\u4fdd\u5b58\u548c\u5206\u53d1\u4fe1\u606f\u3002\r\n\r\nSiemens COMOS\u5b58\u5728XXE\u6ce8\u5165\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u8bf4\u670d\u7528\u6237\u5728\u53d7\u5f71\u54cd\u7684\u7ec4\u4ef6\u4e4b\u4e00\u4e2d\u4f7f\u7528\u6076\u610f\u6784\u5efa\u7684\u914d\u7f6e\u6216\u6620\u5c04\u6587\u4ef6\uff0c\u63d0\u53d6\u7528\u6237\u7cfb\u7edf\u4e0a\u5df2\u77e5\u4f4d\u7f6e\u6216\u53ef\u8bbf\u95ee\u7f51\u7edc\u6587\u4ef6\u5939\u4e0a\u7684\u4efb\u4f55\u6587\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Siemens COMOS XXE\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Siemens COMOS V10.3 \u003cV10.3.3.5.8",
      "Siemens COMOS V10.4.0",
      "Siemens COMOS V10.4.1",
      "Siemens COMOS V10.4.2",
      "Siemens COMOS V10.4.3 \u003cV10.4.3.0.47",
      "Siemens COMOS V10.4.4 \u003cV10.4.4.2",
      "Siemens COMOS V10.4.4.1 \u003cV10.4.4.1.21"
    ]
  },
  "referenceLink": "https://cert-portal.siemens.com/productcert/html/ssa-701627.html",
  "serverity": "\u4e2d",
  "submitTime": "2024-12-12",
  "title": "Siemens COMOS XXE\u6ce8\u5165\u6f0f\u6d1e"
}

CVE-2024-49704 (GCVE-0-2024-49704)

Vulnerability from cvelistv5

Published

2024-12-10 13:53

Modified

2024-12-10 15:10

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
5.7 (Medium) - CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

CWE

CWE-611 - Improper Restriction of XML External Entity Reference

Summary

A vulnerability has been identified in COMOS V10.3 (All versions < V10.3.3.5.8), COMOS V10.4.0 (All versions), COMOS V10.4.1 (All versions), COMOS V10.4.2 (All versions), COMOS V10.4.3 (All versions < V10.4.3.0.47), COMOS V10.4.4 (All versions < V10.4.4.2), COMOS V10.4.4.1 (All versions < V10.4.4.1.21). The Generic Data Mapper, the Engineering Adapter, and the Engineering Interface improperly handle XML External Entity (XXE) entries when parsing configuration and mapping files. This could allow an attacker to extract any file with a known location on the user's system or accessible network folders by persuading a user to use a maliciously crafted configuration or mapping file in one of the affected components.

References

▼	URL	Tags
	https://cert-portal.siemens.com/productcert/html/ssa-701627.html

Impacted products

Vendor

Product

Version

▼

Siemens

COMOS V10.3

Version: 0 < V10.3.3.5.8

Siemens	COMOS V10.4.0	Version: 0 < *
Siemens	COMOS V10.4.1	Version: 0 < *
Siemens	COMOS V10.4.2	Version: 0 < *
Siemens	COMOS V10.4.3	Version: 0 < V10.4.3.0.47
Siemens	COMOS V10.4.4	Version: 0 < V10.4.4.2
Siemens	COMOS V10.4.4.1	Version: 0 < V10.4.4.1.21

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-49704",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-10T15:09:04.565727Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-10T15:10:39.768Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "COMOS V10.3",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V10.3.3.5.8",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "COMOS V10.4.0",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "COMOS V10.4.1",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "COMOS V10.4.2",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "*",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "COMOS V10.4.3",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V10.4.3.0.47",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "COMOS V10.4.4",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V10.4.4.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "COMOS V10.4.4.1",
          "vendor": "Siemens",
          "versions": [
            {
              "lessThan": "V10.4.4.1.21",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in COMOS V10.3 (All versions \u003c V10.3.3.5.8), COMOS V10.4.0 (All versions), COMOS V10.4.1 (All versions), COMOS V10.4.2 (All versions), COMOS V10.4.3 (All versions \u003c V10.4.3.0.47), COMOS V10.4.4 (All versions \u003c V10.4.4.2), COMOS V10.4.4.1 (All versions \u003c V10.4.4.1.21). The Generic Data Mapper, the Engineering Adapter, and the Engineering Interface improperly handle XML External Entity (XXE) entries when parsing configuration and mapping files. This could allow an attacker to extract any file with a known location on the user\u0027s system or accessible network folders by persuading a user to use a maliciously crafted configuration or mapping file in one of the affected components."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        {
          "cvssV4_0": {
            "baseScore": 5.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-611",
              "description": "CWE-611: Improper Restriction of XML External Entity Reference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-12-10T13:53:54.522Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/html/ssa-701627.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2024-49704",
    "datePublished": "2024-12-10T13:53:54.522Z",
    "dateReserved": "2024-10-17T11:48:30.930Z",
    "dateUpdated": "2024-12-10T15:10:39.768Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted