CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0CVE-2024-54005
https://notcve.org/view.php?id=CVE-2024-54005
10 Dec 2024 — A vulnerability has been identified in COMOS V10.3 (All versions < V10.3.3.5.8), COMOS V10.4.0 (All versions), COMOS V10.4.1 (All versions), COMOS V10.4.2 (All versions), COMOS V10.4.3 (All versions < V10.4.3.0.47), COMOS V10.4.4 (All versions < V10.4.4.2), COMOS V10.4.4.1 (All versions < V10.4.4.1.21). The PDMS/E3D Engineering Interface improperly handles XML External Entity (XXE) entries when communicating with an external application. This could allow an attacker to extract any file with a known location... • https://cert-portal.siemens.com/productcert/html/ssa-701627.html • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.7EPSS: 0%CPEs: 3EXPL: 0CVE-2024-49704
https://notcve.org/view.php?id=CVE-2024-49704
10 Dec 2024 — A vulnerability has been identified in COMOS V10.3 (All versions < V10.3.3.5.8), COMOS V10.4.0 (All versions), COMOS V10.4.1 (All versions), COMOS V10.4.2 (All versions), COMOS V10.4.3 (All versions < V10.4.3.0.47), COMOS V10.4.4 (All versions < V10.4.4.2), COMOS V10.4.4.1 (All versions < V10.4.4.1.21). The Generic Data Mapper, the Engineering Adapter, and the Engineering Interface improperly handle XML External Entity (XXE) entries when parsing configuration and mapping files. This could allow an attacker ... • https://cert-portal.siemens.com/productcert/html/ssa-701627.html • CWE-611: Improper Restriction of XML External Entity Reference •