var-201312-0469
Vulnerability from variot
Siemens COMOS before 9.2.0.8.1, 10.0 before 10.0.3.1.40, and 10.1 before 10.1.0.0.2 allows local users to gain database privileges via unspecified vectors. Siemens COMOS is a factory management software developed by Siemens. The attacker needs to be able to access the system as a windows user and must be able to access the COMOS object. Siemens COMOS is prone to a local privilege-escalation vulnerability. The following product versions are vulnerable: COMOS versions prior to 9.2 COMOS 9.2.x versions prior to 9.2.0.8.1 COMOS 10.0.x versions prior to 10.0.3.1.40 COMOS 10.1.x versions prior to 10.1.0.0.2. The software enables the holistic design and management of plant and machinery assets throughout their lifecycle
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201312-0469", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "comos", "scope": "eq", "trust": 2.2, "vendor": "siemens", "version": "9.2" }, { "model": "comos", "scope": "eq", "trust": 2.2, "vendor": "siemens", "version": "10.0" }, { "model": "comos", "scope": "eq", "trust": 2.2, "vendor": "siemens", "version": "10.1" }, { "model": "comos", "scope": "eq", "trust": 1.6, "vendor": "siemens", "version": "9.2.0.6.10" }, { "model": "comos", "scope": "eq", "trust": 1.6, "vendor": "siemens", "version": "10.0.3.0.4" }, { "model": "comos", "scope": "eq", "trust": 0.8, "vendor": "siemens", "version": "10.1.0.0.2" }, { "model": "comos", "scope": "lt", "trust": 0.8, "vendor": "siemens", "version": "10.1" }, { "model": "comos", "scope": "eq", "trust": 0.8, "vendor": "siemens", "version": "10.0.3.1.40" }, { "model": "comos", "scope": "lt", "trust": 0.8, "vendor": "siemens", "version": "10.0" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "comos", "version": "9.2" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "comos", "version": "9.2.0.6.10" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "comos", "version": "10.0" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "comos", "version": "10.0.3.0.4" }, { "model": null, "scope": "eq", "trust": 0.4, "vendor": "comos", "version": "10.1" } ], "sources": [ { "db": "IVD", "id": "68c3a058-2352-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "27a69e3e-1ef9-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-14971" }, { "db": "JVNDB", "id": "JVNDB-2013-005501" }, { "db": "CNNVD", "id": "CNNVD-201312-174" }, { "db": "NVD", "id": "CVE-2013-6840" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:siemens:comos", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2013-005501" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The vendor reported this issue.", "sources": [ { "db": "BID", "id": "64153" } ], "trust": 0.3 }, "cve": "CVE-2013-6840", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.4, "id": "CVE-2013-6840", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "MEDIUM", "trust": 1.8, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "CNVD-2013-14971", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "68c3a058-2352-11e6-abef-000c29c66e3d", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "IVD", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "27a69e3e-1ef9-11e6-abef-000c29c66e3d", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.2, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.9 [IVD]" }, { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.4, "id": "VHN-66842", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:L/AC:M/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2013-6840", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2013-6840", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2013-14971", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201312-174", "trust": 0.6, "value": "MEDIUM" }, { "author": "IVD", "id": "68c3a058-2352-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" }, { "author": "IVD", "id": "27a69e3e-1ef9-11e6-abef-000c29c66e3d", "trust": 0.2, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-66842", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "IVD", "id": "68c3a058-2352-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "27a69e3e-1ef9-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-14971" }, { "db": "VULHUB", "id": "VHN-66842" }, { "db": "JVNDB", "id": "JVNDB-2013-005501" }, { "db": "CNNVD", "id": "CNNVD-201312-174" }, { "db": "NVD", "id": "CVE-2013-6840" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens COMOS before 9.2.0.8.1, 10.0 before 10.0.3.1.40, and 10.1 before 10.1.0.0.2 allows local users to gain database privileges via unspecified vectors. Siemens COMOS is a factory management software developed by Siemens. The attacker needs to be able to access the system as a windows user and must be able to access the COMOS object. Siemens COMOS is prone to a local privilege-escalation vulnerability. \nThe following product versions are vulnerable:\nCOMOS versions prior to 9.2\nCOMOS 9.2.x versions prior to 9.2.0.8.1\nCOMOS 10.0.x versions prior to 10.0.3.1.40\nCOMOS 10.1.x versions prior to 10.1.0.0.2. The software enables the holistic design and management of plant and machinery assets throughout their lifecycle", "sources": [ { "db": "NVD", "id": "CVE-2013-6840" }, { "db": "JVNDB", "id": "JVNDB-2013-005501" }, { "db": "CNVD", "id": "CNVD-2013-14971" }, { "db": "BID", "id": "64153" }, { "db": "IVD", "id": "68c3a058-2352-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "27a69e3e-1ef9-11e6-abef-000c29c66e3d" }, { "db": "VULHUB", "id": "VHN-66842" } ], "trust": 2.88 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2013-6840", "trust": 3.8 }, { "db": "BID", "id": "64153", "trust": 2.6 }, { "db": "SECUNIA", "id": "56010", "trust": 2.3 }, { "db": "SIEMENS", "id": "SSA-568732", "trust": 2.3 }, { "db": "CNNVD", "id": "CNNVD-201312-174", "trust": 1.1 }, { "db": "CNVD", "id": "CNVD-2013-14971", "trust": 1.0 }, { "db": "ICS CERT", "id": "ICSA-13-347-01", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2013-005501", "trust": 0.8 }, { "db": "IVD", "id": "68C3A058-2352-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "IVD", "id": "27A69E3E-1EF9-11E6-ABEF-000C29C66E3D", "trust": 0.2 }, { "db": "SEEBUG", "id": "SSVID-89635", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-66842", "trust": 0.1 } ], "sources": [ { "db": "IVD", "id": "68c3a058-2352-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "27a69e3e-1ef9-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-14971" }, { "db": "VULHUB", "id": "VHN-66842" }, { "db": "BID", "id": "64153" }, { "db": "JVNDB", "id": "JVNDB-2013-005501" }, { "db": "CNNVD", "id": "CNNVD-201312-174" }, { "db": "NVD", "id": "CVE-2013-6840" } ] }, "id": "VAR-201312-0469", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "IVD", "id": "68c3a058-2352-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "27a69e3e-1ef9-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-14971" }, { "db": "VULHUB", "id": "VHN-66842" } ], "trust": 0.11000000000000001 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "ICS" ], "sub_category": null, "trust": 1.0 } ], "sources": [ { "db": "IVD", "id": "68c3a058-2352-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "27a69e3e-1ef9-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-14971" } ] }, "last_update_date": "2024-11-23T22:46:08.761000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "SSA-568732", "trust": 0.8, "url": "https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-568732.pdf" }, { "title": "Siemens COMOS Database Access Privilege Escalation Vulnerability Patch", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchInfo/show/41533" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2013-14971" }, { "db": "JVNDB", "id": "JVNDB-2013-005501" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-264", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-66842" }, { "db": "JVNDB", "id": "JVNDB-2013-005501" }, { "db": "NVD", "id": "CVE-2013-6840" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-568732.pdf" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/64153" }, { "trust": 1.7, "url": "http://secunia.com/advisories/56010" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6840" }, { "trust": 0.8, "url": "http://ics-cert.us-cert.gov/advisories/icsa-13-347-01" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6840" }, { "trust": 0.6, "url": "http://secunia.com/advisories/56010/" }, { "trust": 0.3, "url": "http://subscriber.communications.siemens.com/" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2013-14971" }, { "db": "VULHUB", "id": "VHN-66842" }, { "db": "BID", "id": "64153" }, { "db": "JVNDB", "id": "JVNDB-2013-005501" }, { "db": "CNNVD", "id": "CNNVD-201312-174" }, { "db": "NVD", "id": "CVE-2013-6840" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "IVD", "id": "68c3a058-2352-11e6-abef-000c29c66e3d" }, { "db": "IVD", "id": "27a69e3e-1ef9-11e6-abef-000c29c66e3d" }, { "db": "CNVD", "id": "CNVD-2013-14971" }, { "db": "VULHUB", "id": "VHN-66842" }, { "db": "BID", "id": "64153" }, { "db": "JVNDB", "id": "JVNDB-2013-005501" }, { "db": "CNNVD", "id": "CNNVD-201312-174" }, { "db": "NVD", "id": "CVE-2013-6840" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-12-12T00:00:00", "db": "IVD", "id": "68c3a058-2352-11e6-abef-000c29c66e3d" }, { "date": "2013-12-12T00:00:00", "db": "IVD", "id": "27a69e3e-1ef9-11e6-abef-000c29c66e3d" }, { "date": "2013-12-11T00:00:00", "db": "CNVD", "id": "CNVD-2013-14971" }, { "date": "2013-12-10T00:00:00", "db": "VULHUB", "id": "VHN-66842" }, { "date": "2013-12-06T00:00:00", "db": "BID", "id": "64153" }, { "date": "2013-12-16T00:00:00", "db": "JVNDB", "id": "JVNDB-2013-005501" }, { "date": "2013-12-12T00:00:00", "db": "CNNVD", "id": "CNNVD-201312-174" }, { "date": "2013-12-10T16:55:25.853000", "db": "NVD", "id": "CVE-2013-6840" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2013-12-12T00:00:00", "db": "CNVD", "id": "CNVD-2013-14971" }, { "date": "2013-12-12T00:00:00", "db": "VULHUB", "id": "VHN-66842" }, { "date": "2013-12-17T00:47:00", "db": "BID", "id": "64153" }, { "date": "2013-12-16T00:00:00", "db": "JVNDB", "id": "JVNDB-2013-005501" }, { "date": "2013-12-12T00:00:00", "db": "CNNVD", "id": "CNNVD-201312-174" }, { "date": "2024-11-21T01:59:49.183000", "db": "NVD", "id": "CVE-2013-6840" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "BID", "id": "64153" }, { "db": "CNNVD", "id": "CNNVD-201312-174" } ], "trust": 0.9 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Siemens COMOS Vulnerable to gaining database privileges", "sources": [ { "db": "JVNDB", "id": "JVNDB-2013-005501" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "permissions and access control", "sources": [ { "db": "CNNVD", "id": "CNNVD-201312-174" } ], "trust": 0.6 } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.