Siemens COMOS

Priority: Plan Patch
CVSS: 8.2
ICS-CERT advisory: ICSA-25-226-02
Published: Aug 12, 2025
Vendor: Siemens
Attack path
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

COMOS before version 10.6 contains an arbitrary code execution vulnerability in the integrated Open Design Alliance (ODA) Drawings SDK. An attacker who gets a crafted design file imported into COMOS can execute arbitrary code with the privileges of the COMOS user, which is enough to alter process designs or read and modify project data. The CVSS attack vector is Local: there is no network-reachable entry point, and nothing happens until a user imports or opens the file. Local does not mean the attacker needs an account on the workstation; delivering the file to a user who imports it is sufficient.

What this means
What could happen
An attacker who gets a crafted design file imported into COMOS can run arbitrary code as the COMOS user, and from there modify process designs, read project data, or disrupt engineering work.
Who's at risk
COMOS is used by plant engineers and operators to design and manage process control systems. This vulnerability affects organizations that use COMOS on engineering workstations to build or modify industrial control system designs. At-risk users include process engineers, automation specialists, and system integrators who import design files from external sources or untrusted vendors.
How it could be exploited
The attacker crafts a design file that triggers the flaw in the bundled Open Design Alliance Drawings SDK and gets it onto the COMOS workstation: as an e-mail attachment, inside a vendor deliverable, on a project share, or on removable media. Nothing runs until a user imports or opens the file; when that happens, the attacker's code executes with the privileges of the COMOS user. The attacker does not need an account on the workstation, only a delivery path and a user willing to import the file.
Prerequisites
  • The crafted file must be imported or opened on the COMOS workstation (CVSS attack vector Local: no network-reachable service is involved, but the attacker does not need to log on to the machine)
  • User interaction required: a user must be induced to import or open the malicious design file
  • COMOS version earlier than 10.6 must be installed
Impact summary:
  • Local attack vector (the file must be opened on the workstation; not exploitable over the network without user action)
  • User interaction required
  • Availability: can crash or disable the COMOS installation
  • Confidentiality and integrity: code execution as the COMOS user allows data theft and modification of designs
Exploitability
Unlikely to be exploited: EPSS score 0.1% (the estimated probability of in-the-wild exploitation within the next 30 days). A low EPSS is typical for file-format bugs in engineering tools and is a prioritization signal, not a statement that a targeted delivery of a crafted file would fail.
Affected products (1)
Product   Affected Versions   Fix Status
COMOS     < 10.6              Fixed in 10.6
Remediation & Mitigation
Do now
Workaround: Accept design files only from verified, trusted sources, and verify each externally sourced file (origin, and hash against a manifest supplied out of band) before it is imported into COMOS.
Schedule — requires maintenance window
Updating may require restarting the engineering workstation; plan for the interruption to engineering work.
Hotfix: Update COMOS to version 10.6 or later.
Long-term hardening
Hardening: Restrict logon and physical access to COMOS workstations to authorized personnel (account controls, physical security). This limits who can stage files on the machine; it does not stop a file delivered through a vendor exchange or e-mail, which is what the import workaround addresses.
Hardening: Isolate COMOS design and engineering workstations from internet-facing networks.
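"Verify before importing" is the one mitigation available before patching, and it only works if it is a concrete step rather than a policy sentence. The following is an added example (not Siemens or COMOS code) of an intake gate for externally sourced drawing files. It assumes a staging folder into which a vendor's files are dropped together with a JSON manifest of SHA-256 digests that the vendor sent through a separate channel; the manifest layout, the folder names and the sample files are this example's own and are constructed in the code. A file is released for import only if its extension is allowed, its content is structurally what the extension claims (DWG files open with an "AC10xx" version tag such as AC1032; DXF files are text whose first group code is 0 followed by SECTION), and its digest matches the manifest. Everything else is moved to quarantine.

```python
"""Intake gate for externally sourced design files before COMOS import.

Added example, not Siemens/COMOS code. All paths, names and the manifest
format ({"files": {"<filename>": "<sha256 hex>"}}) are this example's own.
DXF files that begin with a 999 comment group would need the DXF check
extended; the check here is deliberately strict.
"""
import hashlib
import json
import tempfile
from dataclasses import dataclass
from pathlib import Path

ALLOWED_EXT = {".dwg", ".dxf"}
# DWG version tags for AutoCAD 2000 through 2018 format files.
DWG_MAGIC = {b"AC1015", b"AC1018", b"AC1021", b"AC1024", b"AC1027", b"AC1032"}


@dataclass
class Verdict:
    accepted: bool
    reason: str


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def content_matches_extension(path: Path) -> bool:
    """Cheap structural check so a renamed executable never reaches the SDK."""
    head = path.read_bytes()[:64]
    ext = path.suffix.lower()
    if ext == ".dwg":
        return head[:6] in DWG_MAGIC
    if ext == ".dxf":
        lines = head.replace(b"\r\n", b"\n").split(b"\n")
        return len(lines) >= 2 and lines[0].strip() == b"0" and lines[1].strip() == b"SECTION"
    return False


def check_file(path: Path, manifest: dict) -> Verdict:
    ext = path.suffix.lower()
    if ext not in ALLOWED_EXT:
        return Verdict(False, f"extension {ext or '(none)'} not allowed")
    if not content_matches_extension(path):
        return Verdict(False, "content does not match extension")
    expected = manifest.get(path.name)
    if expected is None:
        return Verdict(False, "not listed in manifest")
    if expected.lower() != sha256_file(path):
        return Verdict(False, "hash mismatch with manifest")
    return Verdict(True, "ok")


def gate_directory(incoming: Path, manifest_path: Path, quarantine: Path) -> dict:
    """Check every file in `incoming`; move rejects to `quarantine`."""
    manifest = json.loads(manifest_path.read_text())["files"]
    quarantine.mkdir(parents=True, exist_ok=True)
    results = {}
    for p in sorted(incoming.iterdir()):
        if not p.is_file() or p == manifest_path:
            continue
        verdict = check_file(p, manifest)
        results[p.name] = verdict
        if not verdict.accepted:
            p.rename(quarantine / p.name)
    return results


def run_demo() -> dict:
    """Constructed staging folder: two legitimate files and four rejects."""
    good_dwg = b"AC1032" + b"\x00" * 58                 # constructed: header only
    good_dxf = b"  0\r\nSECTION\r\n  2\r\nHEADER\r\n  0\r\nENDSEC\r\n  0\r\nEOF\r\n"
    real_dxf = b"  0\nSECTION\n  0\nEOF\n"
    with tempfile.TemporaryDirectory() as tmp:
        incoming = Path(tmp) / "incoming"
        incoming.mkdir()
        (incoming / "p101_layout.dwg").write_bytes(good_dwg)
        (incoming / "p101_notes.dxf").write_bytes(good_dxf)
        (incoming / "plan.dwg").write_bytes(b"MZ\x90\x00" + b"\x00" * 60)  # PE renamed to .dwg
        (incoming / "setup.exe").write_bytes(b"MZ\x90\x00")
        (incoming / "extra.dwg").write_bytes(b"AC1027" + b"\x00" * 58)     # plausible but unlisted
        (incoming / "tampered.dxf").write_bytes(real_dxf)                 # listed, bytes differ
        manifest = {"files": {
            "p101_layout.dwg": hashlib.sha256(good_dwg).hexdigest(),
            "p101_notes.dxf": hashlib.sha256(good_dxf).hexdigest(),
            "tampered.dxf": hashlib.sha256(real_dxf + b"original").hexdigest(),
        }}
        mpath = incoming / "manifest.json"
        mpath.write_text(json.dumps(manifest))
        return gate_directory(incoming, mpath, Path(tmp) / "quarantine")


if __name__ == "__main__":
    for name, v in run_demo().items():
        print(f"{'ACCEPT' if v.accepted else 'REJECT':6} {name}: {v.reason}")
```

The structural check will not catch a well-formed DWG that triggers the SDK bug; that is the point of the manifest comparison, which ties acceptance to a digest the trusted source vouched for through a channel the file itself did not travel on. Run the gate on the staging share before engineers are given import rights to it, and keep the quarantine folder out of any path COMOS is configured to import from.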