OTPulse

File Parsing Vulnerabilities in COMOS

Plan Patch · 7.8 · SSA-155599 · Mar 8, 2022
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

COMOS contains multiple vulnerabilities in the Drawings SDK (Open Design Alliance) that are triggered when the application parses DGN, DXF, or DWG file formats. These vulnerabilities include buffer overflows, out-of-bounds access, and use-after-free conditions. Exploitation could allow information disclosure or remote code execution in the context of the COMOS process.

What this means
What could happen
A user tricked into opening a malicious drawing file in COMOS could allow an attacker to leak sensitive data (like process designs or credentials) or execute arbitrary code with the privileges of the COMOS application, potentially affecting plant engineering and operational integrity.
Who's at risk
Plant engineers and control systems administrators who use Siemens COMOS for process design, documentation, and automation engineering should care about this vulnerability. COMOS is used to create and manage industrial plant designs, and compromise of the engineering workstation could allow attackers to modify plant designs, inject malicious logic, or steal intellectual property.
How it could be exploited
An attacker sends a malicious DGN, DXF, or DWG file to a COMOS user. When the user opens the file in COMOS, the vulnerable Drawings SDK parser processes the crafted file, triggering a buffer overflow or memory corruption. The attacker can then read memory (information disclosure) or redirect execution to run arbitrary code on the engineering workstation.
Prerequisites
  • User must open a malicious drawing file (DGN, DXF, or DWG format) with COMOS
  • Social engineering or file delivery mechanism required
requires user interaction (file open) · low complexity exploit · affects engineering workstations · potential for code execution · memory corruption vulnerabilities
Exploitability
Low exploit probability (EPSS 0.7%)
Affected products (1)

Product | Affected Versions | Fix Status
COMOS   | < V10.4.1         | 10.4.1
Remediation & Mitigation
Do now
WORKAROUND: Implement file upload/file type restrictions for DGN, DXF, and DWG files until patching is complete
HARDENING: Educate users not to open drawing files from untrusted sources
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update COMOS to version 10.4.1 or later
Long-term hardening
HARDENING: Isolate COMOS engineering workstations on a separate network segment from plant floor systems
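The interim workaround (restricting DGN, DXF and DWG files until COMOS 10.4.1 is deployed) can be enforced at a file-transfer gateway by checking content as well as extension, so a renamed drawing does not slip through. This is an added example, not OTPulse or Siemens code; the magic bytes come from public format documentation, and the policy strings and sample files are constructed.

```python
import os
from typing import Optional, Tuple

# Leading bytes of the three Drawings SDK formats named in the advisory.
# DWG files open with a six-byte version tag such as AC1032 (AutoCAD 2018+).
DWG_VERSION_TAGS = {b"AC1015", b"AC1018", b"AC1021", b"AC1024", b"AC1027", b"AC1032"}
DXF_BINARY_MAGIC = b"AutoCAD Binary DXF\r\n\x1a\x00"
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # DGN V8 is an OLE compound file
DRAWING_EXTENSIONS = {".dwg", ".dxf", ".dgn"}


def sniff_drawing(data: bytes) -> Optional[str]:
    """Classify a file by content: 'dwg', 'dxf', 'ole' or None.
    'ole' only counts as DGN together with a .dgn extension, because legacy
    Office documents share the same OLE header."""
    head = data[:64]
    if head[:6] in DWG_VERSION_TAGS or head[:4] == b"AC10":
        return "dwg"
    if head.startswith(DXF_BINARY_MAGIC):
        return "dxf"
    # ASCII DXF begins with group code 0 followed by the SECTION keyword (heuristic).
    stripped = head.lstrip(b" \t\r\n")
    if stripped.startswith(b"0") and b"SECTION" in stripped:
        return "dxf"
    if head.startswith(OLE_MAGIC):
        return "ole"
    return None


def gateway_decision(filename: str, data: bytes) -> Tuple[str, str]:
    """Interim policy (assumed): hold every DGN/DXF/DWG file until COMOS is on
    10.4.1, and also hold DWG/DXF content hiding behind another extension."""
    ext = os.path.splitext(filename)[1].lower()
    kind = sniff_drawing(data)
    if ext in DRAWING_EXTENSIONS:
        return ("quarantine", f"{ext} blocked pending COMOS 10.4.1 rollout")
    if kind in ("dwg", "dxf"):
        return ("quarantine", f"{kind} content under {ext or 'no'} extension")
    return ("allow", "not a Drawings SDK format")


if __name__ == "__main__":
    # Constructed sample inputs; only the leading bytes matter for sniffing.
    samples = [
        ("pump_skid.dwg", b"AC1032" + b"\x00" * 26),
        ("p-and-id.dxf", b"  0\r\nSECTION\r\n  2\r\nHEADER\r\n"),
        ("site_plan.dgn", OLE_MAGIC + b"\x00" * 24),
        ("readme.txt", b"AC1027" + b"\x00" * 26),  # renamed DWG
        ("report.pdf", b"%PDF-1.7\n"),
    ]
    for name, blob in samples:
        verdict, reason = gateway_decision(name, blob)
        print(f"{name:16} {verdict:10} {reason}")
```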