OTPulse

Local Arbitrary Code Execution Vulnerability in COMOS Before V10.6

Plan Patch · 8.2 · SSA-769791 · Aug 12, 2025
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

COMOS before version 10.6 contains a local arbitrary code execution vulnerability in the integrated Open Design Alliance Drawings SDK. The vulnerability is triggered when a user opens a malicious drawing file, allowing code execution with user privileges. Siemens has released version 10.6 with a fix.

What this means
What could happen
An attacker with local access to an engineering workstation running COMOS could execute arbitrary code with the privileges of the user running the application, potentially compromising the integrity of process designs, control logic, or project data stored in COMOS.
Who's at risk
Engineering teams at water utilities and power plants who use COMOS for process design, P&ID documentation, and automation project management. Affects any user with access to COMOS workstations, particularly those handling external or untrusted engineering documents.
How it could be exploited
An attacker would need to trick a COMOS user into opening a malicious drawing file (via the Open Design Alliance SDK component). When the file is processed, arbitrary code executes with the privileges of the logged-in user. This could allow modification of engineering documents, PLC programs, or extraction of sensitive process configuration data.
Prerequisites
  • Local access to the engineering workstation running COMOS
  • User interaction required (user must open a malicious drawing file)
  • COMOS version prior to 10.6
  • Low EPSS score (0.1%)
  • Local access required
  • User interaction required
  • Affects engineering workstations
  • Could compromise process designs and control logic
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product | Affected Versions | Fix Status
COMOS | < 10.6 | 10.6
Remediation & Mitigation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update COMOS to version 10.6 or later