Siemens COMOS Privilege Escalation

Monday, December 16, 2013 @ 02:12 PM gHale

Siemens created an update to a privilege escalation vulnerability in the Siemens COMOS database application, according to a report on ICS-CERT.

The client application used for accessing the database system might allow authenticated Windows users to elevate their rights in regard to the database access over the COMOS graphical user interface.

Cooper Ends Server after Finding Bug
Cooper Power Fixes SMP Gateway Bug
RuggedCom Vulnerabilities Patched
Siemens Fixes SINAMICS Bug

The following Siemens products suffer from the issue:
• All COMOS versions prior to 9.2
• COMOS 9.2: all versions prior to V092_Upd08_Patch001 (
• COMOS 10.0: all versions prior to V100_SP03_Upd01_Patch040 (
• COMOS 10.1: all versions prior to V101_Patch002 (

A vulnerability in the client application of COMOS might allow privilege escalation in regard to the database access for local authenticated users. Elevated access may allow compromise of the confidentiality, integrity, and availability of the database.

Siemens is a multinational company headquartered in Munich, Germany. COMOS is an object-oriented database system that supports collecting, processing, saving, and distributing information. COMOS sees use across quite a few engineering domains globally, including functional engineering of plans and machines, engineering and design, automation and process control planning, and asset and plant management.

The vulnerability in the client application of COMOS might allow an attacker privilege escalation to the database using the COMOS graphical user interface. This interface is for local authenticated users to access the database through the client application.

CVE-2013-6840 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 7.2.

The attacker would need local access as an authenticated user to exploit the vulnerability. While no known public exploits specifically target this vulnerability, an attacker with a low skill would be able to exploit this vulnerability.

Siemens provides the following updates for COMOS Versions 9.2, 10.0 and 10.1 that resolves this vulnerability:
• COMOS 9.2: V092_Upd08_Patch001 (
• COMOS 10.0: V100_SP03_Upd01_Patch040 (
• COMOS 10.1: V101_Patch002 (

Siemens recommends installing the updates as soon as possible. These updates are available at the Siemens customer support site.

For further information, please find a description and release notes in the Siemens Security Advisory.

Users of older versions of COMOS should upgrade to the supported versions.

Leave a Reply

You must be logged in to post a comment.