OTPulse

Siemens COMOS

Plan Patch | 9.3 | ICS-CERT ICSA-25-317-15 | Nov 11, 2025
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: None needed

Summary

COMOS versions prior to 10.4.5 contain two vulnerabilities (CWE-184: improper permissions, CWE-319: cleartext transmission) that allow an attacker with local access to execute arbitrary code on an engineering workstation. This could lead to unauthorized access to sensitive plant design data or the ability to modify process configurations. Siemens recommends updating to version 10.4.5 or later and implementing network isolation controls to limit access to COMOS systems.

What this means
What could happen
An attacker with local access to a COMOS workstation could execute arbitrary code with system privileges, potentially compromising sensitive engineering data or gaining the ability to modify process configurations.
Who's at risk
This affects organizations running Siemens COMOS (versions below 10.4.5) for plant design, engineering, and configuration work. COMOS is used in water treatment, power generation, petrochemical, and manufacturing environments for process design and automation configuration. The primary concern is engineering workstations where sensitive process configurations and designs are stored.
How it could be exploited
An attacker with local or physical access to a COMOS engineering workstation could exploit improper permissions (CWE-184) or unencrypted data transmission (CWE-319) to execute arbitrary code and gain administrative control of the system.
Prerequisites
  • Local access to COMOS engineering workstation
  • COMOS version prior to 10.4.5
  • No elevated privileges required
  • Local access required for exploitation
  • No authentication required
  • Low attack complexity
  • High impact to confidentiality and integrity
  • Affects engineering/automation systems
Exploitability
Low exploit probability (EPSS 0.9%)
Affected products (1)
Product | Affected Versions | Fix Status
COMOS | < 10.4.5 | 10.4.5
Remediation & Mitigation
Do now
HARDENING: Restrict physical access to engineering workstations running COMOS
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update COMOS to version 10.4.5 or later
Long-term hardening
HARDENING: Isolate COMOS systems and engineering networks from business networks using firewalls
HARDENING: Encrypt network traffic for any remote access to COMOS systems using VPN