Total
9 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-43723 | 1 Siemens | 2 Sicam Pas, Sicam Pqs | 2022-12-15 | N/A | 7.5 HIGH |
| A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0), SICAM PAS/PQS (All versions >= 7.0 < V8.06). Affected software does not properly validate the input for a certain parameter in the s7ontcp.dll. This could allow an unauthenticated remote attacker to send messages and create a denial of service condition as the application crashes. At the time of assigning the CVE, the affected firmware version of the component has already been superseded by succeeding mainline versions. | |||||
| CVE-2022-43722 | 1 Siemens | 2 Sicam Pas, Sicam Pqs | 2022-12-15 | N/A | 7.8 HIGH |
| A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0). Affected software does not properly secure a folder containing library files. This could allow an attacker to place a custom malicious DLL in this folder which is then run with SYSTEM rights when a service is started that requires this DLL. At the time of assigning the CVE, the affected firmware version of the component has already been superseded by succeeding mainline versions. | |||||
| CVE-2022-43724 | 1 Siemens | 2 Sicam Pas, Sicam Pqs | 2022-12-15 | N/A | 9.8 CRITICAL |
| A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0). Affected software transmits the database credentials for the inbuilt SQL server in cleartext. In combination with the by default enabled xp_cmdshell feature unauthenticated remote attackers could execute custom OS commands. At the time of assigning the CVE, the affected firmware version of the component has already been superseded by succeeding mainline versions. | |||||
| CVE-2016-9156 | 1 Siemens | 1 Sicam Pas | 2017-06-12 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability in Siemens SICAM PAS (all versions before V8.09) could allow a remote attacker to upload, download, or delete files in certain parts of the file system by sending specially crafted packets to port 19235/TCP. | |||||
| CVE-2016-9157 | 1 Siemens | 1 Sicam Pas | 2017-06-12 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in Siemens SICAM PAS (all versions before V8.09) could allow a remote attacker to cause a Denial of Service condition and potentially lead to unauthenticated remote code execution by sending specially crafted packets to port 19234/TCP. | |||||
| CVE-2016-8566 | 1 Siemens | 1 Sicam Pas | 2017-02-28 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in Siemens SICAM PAS before 8.00. Because of Storing Passwords in a Recoverable Format, an authenticated local attacker with certain privileges could possibly reconstruct the passwords of users for accessing the database. | |||||
| CVE-2016-8567 | 1 Siemens | 1 Sicam Pas | 2017-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Siemens SICAM PAS before 8.00. A factory account with hard-coded passwords is present in the SICAM PAS installations. Attackers might gain privileged access to the database over Port 2638/TCP. | |||||
| CVE-2016-5849 | 1 Siemens | 1 Sicam Pas | 2016-11-28 | 1.9 LOW | 2.5 LOW |
| Siemens SICAM PAS through 8.07 allows local users to obtain sensitive configuration information by leveraging database stoppage. | |||||
| CVE-2016-5848 | 1 Siemens | 1 Sicam Pas | 2016-11-28 | 1.7 LOW | 6.7 MEDIUM |
| Siemens SICAM PAS before 8.07 does not properly restrict password data in the database, which makes it easier for local users to calculate passwords by leveraging unspecified database privileges. | |||||