Buffer Overflow Vulnerability in COMOS
Act Now | 10 | SSA-693110 | Feb 14, 2023
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
A buffer overflow vulnerability exists in the COMOS cache validation service that allows an unauthenticated network attacker to execute arbitrary code or cause a denial of service. The vulnerability affects multiple versions of COMOS from V10.2 through V10.4.2.0. Siemens has released patches for all supported versions; V10.2 (end-of-life) will not receive a fix.
What this means
What could happen
An attacker could execute arbitrary code on COMOS systems through the cache validation service, potentially disrupting process data, control commands, or causing the service to crash. This could halt visualization, alarming, and real-time monitoring of industrial processes.
Who's at risk
This affects all water and power utilities running COMOS for process monitoring, alarming, and SCADA visualization. Critical for facilities that rely on COMOS as the primary human-machine interface or data aggregation layer for operational control.
How it could be exploited
An attacker with network access to the COMOS cache validation service port sends a malformed request that triggers a buffer overflow in the service. The overflow allows injection of executable code that runs with the service's privileges, enabling command execution or system crash.
Prerequisites
- Network access to COMOS cache validation service port
- No authentication required
- remotely exploitable
- no authentication required
- low complexity
- critical CVSS score (10.0)
- affects core OT visibility and control
Exploitability
Moderate exploit probability (EPSS 1.1%)
Affected products (8)
7 with fix, 1 EOL

| Product | Affected Versions | Fix Status |
|---|---|---|
| COMOS V10.2 | All versions | No fix (EOL) |
| COMOS V10.3.3.1 | < V10.3.3.1.45 | 10.3.3.1.45 |
| COMOS V10.3.3.2 | < V10.3.3.2.33 | 10.3.3.2.33 |
| COMOS V10.3.3.3 | < V10.3.3.3.9 | 10.3.3.3.9 |
| COMOS V10.3.3.4 | < V10.3.3.4.6 | 10.3.3.4.6 |
| COMOS V10.4.0.0 | < V10.4.0.0.31 | 10.4.0.0.31 |
| COMOS V10.4.1.0 | < V10.4.1.0.32 | 10.4.1.0.32 |
| COMOS V10.4.2.0 | < V10.4.2.0.25 | 10.4.2.0.25 |
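The affected-version rules in the table above can be applied to an asset inventory with a short script. This is an added example, not part of the advisory or of any Siemens tooling; it assumes installed versions are recorded as dot-separated numbers in the same form as the table, and that any version starting with 10.2 belongs to the end-of-life V10.2 line. Host names and sample builds are constructed.

```python
import re

# Fixed build per branch, copied from the advisory's affected-products table.
FIXED = {
    (10, 3, 3, 1): 45,
    (10, 3, 3, 2): 33,
    (10, 3, 3, 3): 9,
    (10, 3, 3, 4): 6,
    (10, 4, 0, 0): 31,
    (10, 4, 1, 0): 32,
    (10, 4, 2, 0): 25,
}
EOL_PREFIX = (10, 2)  # V10.2: all versions affected, no fix (assumed prefix match)

def parse_version(text):
    """Turn 'V10.3.3.1.44' or '10.3.3.1.44' into a tuple of ints."""
    m = re.fullmatch(r"\s*[Vv]?(\d+(?:\.\d+)*)\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))

def classify(version_text):
    """Return (status, action) for one installed COMOS version."""
    v = parse_version(version_text)
    if v[:2] == EOL_PREFIX:
        return "vulnerable-eol", "no fix; restrict network access and segment"
    branch = v[:4]
    if branch not in FIXED:
        return "not-listed", "branch not listed in the advisory"
    if len(v) < 5:
        return "unknown-build", "build number needed to decide"
    fixed = FIXED[branch]
    target = ".".join(map(str, branch + (fixed,)))
    # Compare the build as an integer: as strings, "10" would sort before "9".
    if v[4] < fixed:
        return "vulnerable", f"update to {target} or later"
    return "fixed", f"at or above {target}"

def triage(inventory):
    """Map host -> (status, action) for a {host: version} inventory."""
    return {host: classify(ver) for host, ver in inventory.items()}

if __name__ == "__main__":
    # Constructed sample inventory (host names and builds are made up).
    sample = {"eng-ws-01": "V10.3.3.1.44", "eng-ws-02": "10.4.2.0.25",
              "hist-01": "V10.2.4.0.3", "eng-ws-03": "10.4.1.0"}
    for host, (status, action) in triage(sample).items():
        print(f"{host:10} {status:15} {action}")
```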
Remediation & Mitigation
Do now
COMOS V10.2
WORKAROUND: For COMOS V10.2 (end-of-life), restrict network access to the cache validation service using firewall rules to block untrusted sources
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
COMOS V10.3.3.1
HOTFIX: Update COMOS V10.3.3.1 to version 10.3.3.1.45 or later
COMOS V10.3.3.2
HOTFIX: Update COMOS V10.3.3.2 to version 10.3.3.2.33 or later
COMOS V10.3.3.3
HOTFIX: Update COMOS V10.3.3.3 to version 10.3.3.3.9 or later
COMOS V10.3.3.4
HOTFIX: Update COMOS V10.3.3.4 to version 10.3.3.4.6 or later
COMOS V10.4.0.0
HOTFIX: Update COMOS V10.4.0.0 to version 10.4.0.0.31 or later
COMOS V10.4.1.0
HOTFIX: Update COMOS V10.4.1.0 to version 10.4.1.0.32 or later
COMOS V10.4.2.0
HOTFIX: Update COMOS V10.4.2.0 to version 10.4.2.0.25 or later
Mitigations - no patch available
COMOS V10.2 has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Implement network segmentation to isolate COMOS systems from direct internet access and untrusted internal networks
CVEs (1)