COMOS before V10.6 is affected by a local arbitrary code execution vulnerability in the integrated Open Design Alliance Drawings SDK.
Siemens has released a new version for COMOS and recommends to update to the latest version.

https://cert-portal.siemens.com/productcert/html/ssa-769791.html