Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2012-3009


Siemens COMOS before 9.1 Patch 413, 9.2 before Update 03 Patch 023, and 10.0 before Patch 005 allows remote authenticated users to obtain database administrative access via unspecified method calls.


Published

2012-08-16T10:38:04.407

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 8.5 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:S/C:C/I:C/A:C

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: SINGLE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

6.8

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-264

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application siemens comos ≤ 9.1 Yes
Application siemens comos 9.2 Yes
Application siemens comos 10.0 Yes

References