As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens’ ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
1. EXECUTIVE SUMMARY
- CVSS v3 9.3
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: COMOS
- Vulnerabilities: Incomplete List of Disallowed Inputs, Cleartext Transmission of Sensitive Information
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code or lead to data infiltration.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
Siemens reports that the following products are affected:
- Siemens COMOS with COMOS Web deployed: Versions prior to 10.4.5 (CVE-2023-45133)
- Siemens COMOS that use COMOS Snapshots component: Versions prior to 10.4.5 (CVE-2024-0056)
3.2 VULNERABILITY OVERVIEW
3.2.1 INCOMPLETE LIST OF DISALLOWED INPUTS CWE-184
Babel is a compiler for writing JavaScript. In @babel/traverse prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of babel-traverse, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the path.evaluate() or path.evaluateTruthy() internal Babel methods. Known affected plugins are @babel/plugin-transform-runtime; @babel/preset-env when using its useBuiltIns option; and any “polyfill provider” plugin that depends on @babel/helper-define-polyfill-provider, such as babel-plugin-polyfill-corejs3, babel-plugin-polyfill-corejs2, babel-plugin-polyfill-
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: