CVE-2022-43723
published 2022-12-13CVE-2022-43723: A vulnerability has been identified in SICAM PAS/PQS (All versions = 7.0 < V8.06). Affected software does not properly validate the input for a certain…
PriorityP342high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
0.92%
55.8th percentile
A vulnerability has been identified in SICAM PAS/PQS (All versions = 7.0 < V8.06). Affected software does not properly validate the input for a certain parameter in the s7ontcp.dll. This could allow an unauthenticated remote attacker to send messages and create a denial of service condition as the application crashes. At the time of assigning the CVE, the affected firmware version of the component has already been superseded by succeeding mainline versions.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | sicam_pas_pqs | — | — |
| siemens | sicam_pas_pqs | — | — |
| siemens | sicam_pas_pqs | >= 7.0 < 8.06 | 8.06 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
CISA ICS
Siemens SICAM PAS
cisa_ics·2022-12-15·CVSS 7.8
[HIGH] Siemens SICAM PAS
## Archived Content In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
##
Siemens SICAM PAS
Last RevisedDecember 15, 2022
Alert CodeICSA-22-349-19
## 1. EXECUTIVE SUMMARY
- CVSS v3 8.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SICAM PAS
- Vulnerabilities: Uncontrolled Search Path Element, Improper Validation of Specified Type of Input, Cleartext Transmission of Sensitive Information
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could lead to remote code execution, privilege escalation, or the creation of a denial-of-service condition.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED
GHSA
GHSA-wmxm-7j47-5ww2: A vulnerability has been identified in SICAM PAS/PQS (All versions = 7
ghsa_unreviewed·2022-12-13
CVE-2022-43723 [HIGH] CWE-1287 GHSA-wmxm-7j47-5ww2: A vulnerability has been identified in SICAM PAS/PQS (All versions = 7
A vulnerability has been identified in SICAM PAS/PQS (All versions = 7.0 < V8.06). Affected software does not properly validate the input for a certain parameter in the s7ontcp.dll. This could allow an unauthenticated remote attacker to send messages and create a denial of service condition as the application crashes. At the time of assigning the CVE, the affected firmware version of the component has already been superseded by succeeding mainline versions.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-12-13
Published