CVE-2016-5849
published 2016-07-04CVE-2016-5849: Siemens SICAM PAS through 8.07 allows local users to obtain sensitive configuration information by leveraging database stoppage.
PriorityP46low2.5CVSS 3.1
AVLACHPRLUINSUCLINAN
EPSS
0.32%
23.4th percentile
Siemens SICAM PAS through 8.07 allows local users to obtain sensitive configuration information by leveraging database stoppage.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | sicam_pas_pqs | <= 8.07 | — |
CVSS provenance
nvdv3.12.5LOWCVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
nvdv2.01.9LOWAV:L/AC:M/Au:N/C:P/I:N/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-47qc-ch82-95fv: Siemens SICAM PAS through 8
ghsa_unreviewed·2022-05-17
CVE-2016-5849 [LOW] CWE-200 GHSA-47qc-ch82-95fv: Siemens SICAM PAS through 8
Siemens SICAM PAS through 8.07 allows local users to obtain sensitive configuration information by leveraging database stoppage.
CISA ICS
Siemens SICAM PAS Information Disclosure Vulnerabilities (Update B)
cisa_ics·2016-11-29
Siemens SICAM PAS Information Disclosure Vulnerabilities (Update B)
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Siemens SICAM PAS Information Disclosure Vulnerabilities (Update B)
Last RevisedDecember 01, 2016
Alert CodeICSA-16-182-02B
## OVERVIEW
This updated advisory is a follow-up to the original advisory titled ICSA-16-182-02A Siemens SICAM PAS Vulnerabilities that was published November 29, 2016, on the NCCIC/ICS-CERT web site.
Positive Technologies’ Ilya Karpov and Dmitry Sklyarov have identified two vulnerabilities in the Siemens SICAM PAS (Power Automation System). Siemens has produced a new version and mitigation instructions to address these vulnerabilities.
## AFFECTED PRODUC
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.securityfocus.com/bid/91525http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-444217.pdfhttps://ics-cert.us-cert.gov/advisories/ICSA-16-182-02http://www.securityfocus.com/bid/91525http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-444217.pdfhttps://ics-cert.us-cert.gov/advisories/ICSA-16-182-02
2016-07-04
Published