CVE-2012-3009

Published: Aug 16, 2012Modified: Apr 29, 2026

8.5

Vector

AV:N/AC:M/Au:S/C:C/I:C/A:C

Exploitability: 6.8 / Impact: 10.0

Source: NVD

Description

Siemens COMOS before 9.1 Patch 413, 9.2 before Update 03 Patch 023, and 10.0 before Patch 005 allows remote authenticated users to obtain database administrative access via unspecified method calls.

Affected (3)

Products: Siemens: Comos

Siemens

1 product

Comos

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Siemens Comos	Up to 9.1
Siemens Comos	Version 10.0
Siemens Comos	Version 9.2 03

Related CWEs

CWE-264

References (4)

http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-312568.pdf

Source: ics-cert@hq.dhs.gov

Vendor Advisory

http://www.us-cert.gov/control_systems/pdf/ICSA-12-227-01.pdf

Source: ics-cert@hq.dhs.gov

US Government Resource

http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-312568.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.us-cert.gov/control_systems/pdf/ICSA-12-227-01.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

Timeline

No history available yet.