COMOS SQL Server AC Flaw Exposes Sensitive DB Data
CVE-2023-46601 Published on November 14, 2023
A vulnerability has been identified in COMOS (All versions). The affected application lacks proper access controls in making the SQLServer connection. This could allow an attacker to query the database directly to access information that the user should not have access to.
Weakness Type
What is an Authorization Vulnerability?
The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CVE-2023-46601 has been classified to as an Authorization vulnerability or weakness.
Products Associated with CVE-2023-46601
Want to know whenever a new CVE is published for Siemens Comos? stack.watch will email you.
Affected Versions
Siemens COMOS Version All versions is affected by CVE-2023-46601Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.