Siemens COMOS
Priority: Act Now (10) · ICS-CERT ICSA-26-043-03 · Dec 9, 2025
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
COMOS is affected by multiple vulnerabilities (CWE-200, CWE-79, CWE-20, CWE-340, CWE-295) that could allow an attacker to execute arbitrary code, cause denial of service, infiltrate data, or perform access control violations. The vulnerabilities are remotely exploitable with no authentication required (CVSS 10.0, network vector, low complexity).
What this means
What could happen
An attacker could remotely execute arbitrary commands on COMOS servers, potentially disrupting engineering design, data management, or plant configuration workflows. This could lead to unauthorized modification of plant designs, shutdown of critical process documentation systems, or theft of sensitive plant engineering data.
Who's at risk
Organizations running Siemens COMOS are exposed to this vulnerability. COMOS is used by utilities and manufacturers for process engineering, plant design, and asset management. The vulnerability affects engineering workstations and servers that store critical plant configuration data.
How it could be exploited
An attacker on the network could send a specially crafted request to a vulnerable COMOS instance to trigger code execution or access control bypasses. Since the vulnerability requires no authentication and has a low attack complexity, exploitation can occur immediately upon network access to the COMOS server.
Prerequisites
- Network access to COMOS server
- COMOS running on affected version (10.4.5.0.1, 10.6.0, 10.4.0-10.4.4, or 10.5.0-10.5.1)
- No authentication required
Tags: remotely exploitable · no authentication required · low complexity · actively exploited (KEV) · high EPSS score (39.5%) · affects engineering/data systems · no fix available for V10.4.5.0.1
Exploitability
Actively exploited — confirmed by CISA KEV
Affected products (4)
3 with fix, 1 EOL
Product | Affected Versions | Fix Status
COMOS V10.6 | < 10.6.1 | 10.6.1
COMOS V10.4 | < 10.4.5 | 10.4.5
COMOS V10.5 | < 10.5.2 | 10.5.2
COMOS V10.4.5 | < 10.4.5.0.2 | No fix (EOL)
Remediation & Mitigation
Do now
COMOS V10.4
HOTFIX: Update COMOS V10.4 installations to version 10.4.5 or later
WORKAROUND: Contact Siemens customer support for patch and update information for COMOS V10.4.5.0.1 (no vendor fix available)
COMOS V10.5
HOTFIX: Update COMOS V10.5 installations to version 10.5.2 or later
COMOS V10.6
HOTFIX: Update COMOS V10.6 installations to version 10.6.1 or later
All products
HARDENING: Restrict network access to COMOS servers to authorized engineering workstations and management networks only
HARDENING: Isolate COMOS servers on a segmented network separate from process control networks and corporate networks
API: /api/v1/advisories/ddd6f2e9-c926-4d8b-82b4-549f43cb24a7