CVE-2016-8567
published 2017-02-13CVE-2016-8567: An issue was discovered in Siemens SICAM PAS before 8.00. A factory account with hard-coded passwords is present in the SICAM PAS installations. Attackers…
PriorityP355critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
1.82%
76.1th percentile
An issue was discovered in Siemens SICAM PAS before 8.00. A factory account with hard-coded passwords is present in the SICAM PAS installations. Attackers might gain privileged access to the database over Port 2638/TCP.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | sicam_pas_pqs | < 8.00 | 8.00 |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat7.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-45mr-f5jj-96c9: An issue was discovered in Siemens SICAM PAS before 8
ghsa_unreviewed·2022-05-17
CVE-2016-8567 [CRITICAL] CWE-798 GHSA-45mr-f5jj-96c9: An issue was discovered in Siemens SICAM PAS before 8
An issue was discovered in Siemens SICAM PAS before 8.00. A factory account with hard-coded passwords is present in the SICAM PAS installations. Attackers might gain privileged access to the database over Port 2638/TCP.
CISA ICS
Siemens SICAM PAS Vulnerabilities (Update A)
cisa_ics·2016-12-01
Siemens SICAM PAS Vulnerabilities (Update A)
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Siemens SICAM PAS Vulnerabilities (Update A)
Last RevisedJune 15, 2017
Alert CodeICSA-16-336-01A
## OVERVIEW
This updated advisory is a follow-up to the original advisory titled ICSA-16-336-01 Siemens SICAM PAS Vulnerabilities that was published December 1, 2016, on the NCCIC/ICS-CERT web site.
Siemens has released an advisory to inform its users on how to mitigate vulnerabilities that affect SICAM PAS. Ilya Karpov and Dmitry Sklyarov of Positive Technologies and Sergey Temnikov and Vladimir Dashchenko of Kaspersky Lab coordinated these vulnerabilities directly with Siemens. Si
Red Hat
jboss: jbossas writable config files allow privilege escalation
vendor_redhat·2016-10-10·CVSS 7.8
CVE-2016-8657 [HIGH] CWE-732 jboss: jbossas writable config files allow privilege escalation
jboss: jbossas writable config files allow privilege escalation
It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files. The file is writable to jboss group (root:jboss, 664). On systems using classic /etc/init.d init scripts (i.e. on Red Hat Enterprise Linux 6 and earlier), the file is sourced by the jboss init script and its content executed with root privileges when jboss service is started, stopped, or restarted.
It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files. The file is writable to jboss group (root:jboss, 664). On systems using classic /etc/init.d init scripts (i.e. on Red
No detection rules found.
No public exploits indexed.
2017-02-13
Published