CVE-2013-6840

medium

Published 2013-12-10 · Modified 2026-04-29

CVSS v3

—

CVSS v2

6.9

VIR risk

6.9

Description

Siemens COMOS before 9.2.0.8.1, 10.0 before 10.0.3.1.40, and 10.1 before 10.1.0.0.2 allows local users to gain database privileges via unspecified vectors.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-568732.pdf

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://secunia.com/advisories/56010

Application impact

Vendor	Product	Versions
siemens	comos	`9.2`
siemens	comos	`9.2.0.6.10`
siemens	comos	`10.0`
siemens	comos	`10.0.3.0.4`
siemens	comos	`10.1`

References

http://secunia.com/advisories/56010
http://www.securityfocus.com/bid/64153
https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-568732.pdf
http://secunia.com/advisories/56010
http://www.securityfocus.com/bid/64153
https://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-568732.pdf

CWEs

CWE-264

Verify integrity in audit chain (admin only). AS-IS.