CVE-2016-5848
Published: 2016-07-04
Priority P426, medium, 6.7 (CVSS 3.1)
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.31% (23.0th percentile)
Siemens SICAM PAS before 8.07 does not properly restrict password data in the database, which makes it easier for local users to calculate passwords by leveraging unspecified database privileges.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | sicam_pas_pqs | <= 8.07 | — |
CVSS provenance
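| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 1.7 | LOW | AV:L/AC:L/Au:S/C:P/I:N/A:N |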
GHSA
GHSA-hrhc-vfjq-7844: Siemens SICAM PAS before 8
ghsa_unreviewed·2022-05-17
CVE-2016-5848 [MEDIUM] CWE-200 GHSA-hrhc-vfjq-7844: Siemens SICAM PAS before 8
CISA ICS
Siemens SICAM PAS Information Disclosure Vulnerabilities (Update B)
cisa_ics·2016-11-29
Last Revised: December 01, 2016
Alert Code: ICSA-16-182-02B
## OVERVIEW
This updated advisory is a follow-up to the original advisory titled ICSA-16-182-02A Siemens SICAM PAS Vulnerabilities that was published November 29, 2016, on the NCCIC/ICS-CERT web site.
Positive Technologies’ Ilya Karpov and Dmitry Sklyarov have identified two vulnerabilities in the Siemens SICAM PAS (Power Automation System). Siemens has produced a new version and mitigation instructions to address these vulnerabilities.
## AFFECTED PRODUC
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.securityfocus.com/bid/91525
http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-444217.pdf
https://ics-cert.us-cert.gov/advisories/ICSA-16-182-02