CVE-2023-43504

CVSS 9.6 CRITICALEPSS 0.9%CWE-120

Vexday Risk Score

28Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 9.6EPSS 0.9%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

14 Nov 2023Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A vulnerability has been identified in COMOS (All versions < V10.4.4). Ptmcast executable used for testing cache validation service in affected application is vulnerable to Structured Exception Handler (SEH) based buffer overflow. This could allow an attacker to execute arbitrary code on the target system or cause denial of service condition.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C

Affected products

Siemens · COMOS

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://cert-portal.siemens.com/productcert/pdf/ssa-137900.pdf