CVE-2023-46601 CRITICAL

CVE-2023-46601

Vendor Siemens

Product COMOS

Weakness CWE-284

Published November 14, 2023

Last update January 8, 2025

View on NVD All CVEs

CVSS base score

9.6/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N/E:P/RL:O/RC:C

What the vulnerability does

01Description

A vulnerability has been identified in COMOS (All versions). The affected application lacks proper access controls in making the SQLServer connection. This could allow an attacker to query the database directly to access information that the user should not have access to.

Key dates

02Disclosure timeline

November 14, 2023 CVE published

January 8, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-46601 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/284.html

Related vulnerabilities

04Related CVE

CVE-2024-39837 Malicious remote can create arbitrary channels CVE-2019-1759 Cisco IOS XE Software Gigabit Ethernet Management Interface Access Control List Bypass Vulnerability CVE-2024-39414 Being able to import/export tax rates without proper privileges CVE-2024-36399 Kanboard affected by Project Takeover via IDOR in ProjectPermissionController CVE-2023-36561 Azure DevOps Server Elevation of Privilege Vulnerability