Security Advisory - COMOS
Siemens was notified of a vulnerability in the client application of the database system COMOS which might allow attackers to escalate their privileges for database access. The attacker would need local access as authenticated user to exploit the vulnerability.
Siemens provides software updates that fix the vulnerability.
The object oriented database system of COMOS supports collecting, processing, saving, and distributing information throughout the entire design process and allows the configuration of user privileges.
The client application used for accessing the database system allows authenticated Windows users to elevate their rights in regard to the database access over the COMOS graphical user interface.
Further information can be found at: