Full Report
COMOS before V10.6 is affected by a local arbitrary code execution vulnerability in the integrated Open Design Alliance Drawings SDK. Siemens has released a new version for COMOS and recommends to update to the latest version.
Analysis Summary
# Vulnerability: Local Arbitrary Code Execution in Siemens COMOS due to ODA Drawings SDK Flaw
## CVE Details
- CVE ID: CVE-2024-8894
- CVSS Score: 8.2 (High) [CVSS v3.1] / 8.1 (High) [CVSS v4.0]
- CWE: CWE-787: Out-of-bounds Write
## Affected Systems
- Products: Siemens COMOS
- Versions: All versions prior to V10.6
- Configurations: Vulnerability leveraged via importing/reading crafted DWF files within the product utilizing the integrated Open Design Alliance Drawings SDK.
## Vulnerability Description
A vulnerability was discovered in the integrated Open Design Alliance Drawings SDK used by COMOS. Specifically, reading a maliciously crafted DWF file, due to missing proper checks on received `SectionIterator` data, can trigger an Out-of-bounds Write vulnerability. This failure to handle data bounds correctly can lead to an unhandled exception.
## Exploitation
- Status: PoC available (Implied through the criticality and nature of the flaw, though not explicitly stated as widespread exploitation)
- Complexity: Low (CVSS vector: AV:L/AC:L/PR:N/UI:R - Local attack vector, Low Attack Complexity, No privileges required, User interaction required)
- Attack Vector: Local (The user must interact with the malicious file)
## Impact
- Confidentiality: High (C:H in CVSS v3.1/v4.0)
- Integrity: None (I:N in CVSS v3.1/v4.0 analysis, though arbitrary code execution usually implies potential integrity impact)
- Availability: High (A:H in CVSS v3.1/v4.0, due to potential for Denial of Service via crash)
*(Note: While the description mentions potential arbitrary code execution, the specified impact vector for integrity is noted as 'None' in the combined CVSS vectors provided, focusing primarily on DoS and Confidentiality breach via code execution context.)*
## Remediation
### Patches
- Update Siemens COMOS to **V10.6 or a later version**.
- Patch Source Link: [https://support.sw.siemens.com/product/222981661/](https://support.sw.siemens.com/product/222981661/)
### Workarounds
- Ensure that all files imported into the affected COMOS installation originate only from trusted sources.
- Ensure these files are transmitted over secure channels prior to importation/use.
## Detection
- **Indicators of Compromise:** System instability, unexpected application termination (crashes), or unusual process behavior originating from COMOS when processing DWF files.
- **Detection Methods and Tools:** Monitoring file access and integrity checks on DWF files being processed by the application, network monitoring for compromised file transmission sources.
## References
- Siemens ProductCERT Advisory SSA-769791: [https://cert-portal.siemens.com/productcert/html/ssa-769791.html](https://cert-portal.siemens.com/productcert/html/ssa-769791.html)
- Siemens General Security Recommendations: [https://www.siemens.com/industrialsecurity](https://www.siemens.com/industrialsecurity)
- Operational Guidelines for Industrial Security: [https://www.siemens.com/cert/operational-guidelines-industrial-security](https://www.siemens.com/cert/operational-guidelines-industrial-security)