This morning the DHS ICS-CERT published an advisory for an
escalation of privilege vulnerability in the Siemens COMOS database
application. The vulnerability was self-reported last
week by Siemens and an update has been made available for the latest
versions of the product.
ICS-CERT reports that a relatively low-skilled attacker with
authenticated local access to the database could exploit this vulnerability to compromise
the confidentiality, integrity, and availability of the database.
Siemens has revised their
advisory that I mentioned last week with additional contact information. I
notice that this is the second privilege escalation vulnerability that Siemens
has reported in their COMOS product; the earlier
advisory was published in August (ICS-CERT Advisory - ICSA-12-227-01; that
was also reported late by ICS-CERT).