U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:siemens:comos:-:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 26 matching records.
Displaying matches 21 through 26.
Vuln ID Summary CVSS Severity
CVE-2021-25177

An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A Type Confusion issue exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart).

Published: January 18, 2021; 3:15:13 AM -0500 		V4.0:(not available)
 V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2021-25176

An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A NULL pointer dereference exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart).

Published: January 18, 2021; 3:15:13 AM -0500 		V4.0:(not available)
 V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2021-25175

An issue was discovered in Open Design Alliance Drawings SDK before 2021.11. A Type Conversion issue exists when rendering malformed .DXF and .DWG files. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart).

Published: January 18, 2021; 3:15:13 AM -0500 		V4.0:(not available)
 V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2021-25174

An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory corruption vulnerability exists when reading malformed DGN files. It can allow attackers to cause a crash, potentially enabling denial of service (Crash, Exit, or Restart).

Published: January 18, 2021; 3:15:13 AM -0500 		V4.0:(not available)
 V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2021-25173

An issue was discovered in Open Design Alliance Drawings SDK before 2021.12. A memory allocation with excessive size vulnerability exists when reading malformed DGN files, which allows attackers to cause a crash, potentially enabling denial of service (crash, exit, or restart).

Published: January 18, 2021; 3:15:13 AM -0500 		V4.0:(not available)
 V3.1: 7.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2012-3009

Siemens COMOS before 9.1 Patch 413, 9.2 before Update 03 Patch 023, and 10.0 before Patch 005 allows remote authenticated users to obtain database administrative access via unspecified method calls.

Published: August 16, 2012; 6:38:04 AM -0400 		V4.0:(not available)
 V3.x:(not available)
 V2.0: 8.5 HIGH