Vulnerability Description
Siemens COMOS before 9.1 Patch 413, 9.2 before Update 03 Patch 023, and 10.0 before Patch 005 allows remote authenticated users to obtain database administrative access via unspecified method calls.
CVSS Score
8.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | COMOS | <= 9.1 |
Related Weaknesses (CWE)
References
- http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_sec (Vendor Advisory)
- http://www.us-cert.gov/control_systems/pdf/ICSA-12-227-01.pdf (US Government Resource)
FAQ
What is CVE-2012-3009?
CVE-2012-3009 is a vulnerability with a CVSS score of 8.5 (HIGH). Siemens COMOS before 9.1 Patch 413, 9.2 before Update 03 Patch 023, and 10.0 before Patch 005 allows remote authenticated users to obtain database administrative access via unspecified method calls.
How severe is CVE-2012-3009?
CVE-2012-3009 has been rated HIGH with a CVSS base score of 8.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2012-3009?
Check the references section above for vendor advisories and patch information. Affected products include: Siemens COMOS.