CVE-2023-43504

9.6 CRITICAL

📋 TL;DR

A buffer overflow vulnerability in COMOS's Ptmcast executable allows attackers to execute arbitrary code or cause denial of service. This affects all COMOS versions before V10.4.4. Attackers could potentially gain full control of affected systems.

💻 Affected Systems

Products:
  • Siemens COMOS
Versions: All versions < V10.4.4
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Ptmcast executable is part of COMOS installation; specific configurations may affect exploitability.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise, data theft, and lateral movement within the network.

🟠 Likely Case

Denial of service affecting COMOS functionality, potentially disrupting industrial operations.

🟢 If Mitigated

Limited impact if network segmentation and access controls prevent exploitation attempts.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

SEH-based buffer overflow requires specific knowledge of COMOS memory layout but no authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: V10.4.4 or later

Vendor Advisory: https://cert-portal.siemens.com/productcert/pdf/ssa-137900.pdf

Restart Required: Yes

Instructions:

1. Download COMOS V10.4.4 or later from Siemens support portal.
2. Backup current installation.
3. Run installer with administrative privileges.
4. Restart affected systems.

🔧 Temporary Workarounds

Disable Ptmcast Service

Platform: Windows

Stop and disable the vulnerable Ptmcast executable if not required for operations.

sc stop Ptmcast
sc config Ptmcast start= disabled

Restrict Network Access

Platform: Windows

Block network access to COMOS services using firewall rules.

netsh advfirewall firewall add rule name="Block COMOS" dir=in action=block program="C:\Program Files\Siemens\COMOS\Ptmcast.exe" enable=yes

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate COMOS systems from untrusted networks.
  • Apply Windows security hardening and disable unnecessary services.

🔍 How to Verify

Check if Vulnerable:

Check the COMOS version in the About dialog or in the registry (value Version under HKEY_LOCAL_MACHINE\SOFTWARE\Siemens\COMOS).

Check Version:

reg query "HKLM\SOFTWARE\Siemens\COMOS" /v Version

Verify Fix Applied:

Verify version is V10.4.4 or later and Ptmcast executable is updated.

📡 Detection & Monitoring

Log Indicators:

  • Unusual process creation from Ptmcast.exe
  • Access violations or crash logs related to Ptmcast

Network Indicators:

  • Unexpected network connections to COMOS service ports
  • Traffic patterns indicating buffer overflow attempts

SIEM Query:

ProcessName="Ptmcast.exe" AND (EventID=1000 OR EventID=1001)
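
The version check and the crash-event query above can be run together on a single host. The following PowerShell is an added example, not part of the Siemens advisory or of COMOS; it uses the registry key, service name and event IDs quoted on this page, and it assumes the Version value is a dotted number such as "10.4.4" or "V10.4.4.0" and that a 30-day look-back is sufficient.

```powershell
# Added example: key, value, service and process names are the ones quoted on this page.
$FixedVersion = [version]'10.4.4'

function Test-ComosPatched {
    param([string]$VersionString)
    # Assumption: the value contains a dotted numeric run such as
    # "10.4.4", "V10.4.4" or "10.4.4.0"; use its first four components at most.
    if ($VersionString -notmatch '\d+(\.\d+){1,3}') { return $null }
    return ([version]$Matches[0]) -ge $FixedVersion
}

# 1. Installed version from the registry value named above.
$reg = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Siemens\COMOS' -Name Version `
       -ErrorAction SilentlyContinue
$patched = if ($reg) { Test-ComosPatched $reg.Version } else { $null }

# 2. State of the Ptmcast service, to confirm the workaround if it was applied.
$svc = Get-Service -Name 'Ptmcast' -ErrorAction SilentlyContinue

# 3. Application crash (1000) and Windows Error Reporting (1001) records that
#    mention Ptmcast. The 30-day window is an assumption.
$crashes = @(Get-WinEvent -FilterHashtable @{
        LogName      = 'Application'
        ProviderName = 'Application Error', 'Windows Error Reporting'
        Id           = 1000, 1001
        StartTime    = (Get-Date).AddDays(-30)
    } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'Ptmcast' })

# One summary object per host; $null for Patched means the version was not readable.
[pscustomobject]@{
    Computer       = $env:COMPUTERNAME
    Version        = if ($reg) { $reg.Version } else { 'not found' }
    Patched        = $patched
    PtmcastStatus  = if ($svc) { $svc.Status } else { 'service not found' }
    PtmcastStartup = if ($svc) { $svc.StartType } else { $null }
    CrashEvents    = $crashes.Count
    LastCrash      = ($crashes | Sort-Object TimeCreated | Select-Object -Last 1).TimeCreated
}
```

A host that reports Patched as False with a running Ptmcast service is still exposed; a non-zero CrashEvents count on such a host is worth investigating.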
