Vulnerability Details : CVE-2012-3009
Siemens COMOS before 9.1 Patch 413, 9.2 before Update 03 Patch 023, and 10.0 before Patch 005 allows remote authenticated users to obtain database administrative access via unspecified method calls.
Exploit prediction scoring system (EPSS) score for CVE-2012-3009
Probability of exploitation activity in the next 30 days: 0.16%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 51 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2012-3009
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
8.5
|
HIGH | AV:N/AC:M/Au:S/C:C/I:C/A:C |
6.8
|
10.0
|
NIST |
CWE ids for CVE-2012-3009
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-3009
-
http://www.us-cert.gov/control_systems/pdf/ICSA-12-227-01.pdf
404 - File Not Found | CISAUS Government Resource
-
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-312568.pdf
Vendor Advisory
Products affected by CVE-2012-3009
- cpe:2.3:a:siemens:comos:*:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:comos:10.0:*:*:*:*:*:*:*
- cpe:2.3:a:siemens:comos:9.2:03:*:*:*:*:*:*