CVE-2022-43724
Published 2022-12-13
Priority: P266 · Severity: critical · CVSS 3.1: 9.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.62% (45.3th percentile)
A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0). Affected software transmits the database credentials for the inbuilt SQL server in cleartext. In combination with the by default enabled xp_cmdshell feature unauthenticated remote attackers could execute custom OS commands. At the time of assigning the CVE, the affected firmware version of the component has already been superseded by succeeding mainline versions.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | sicam_pas_pqs | < 7.0 | 7.0 |
| siemens | sicam_pas_pqs | — | — |
Detection & IOCs (extracted from sources)
- Monitor for cleartext transmission of SQL server database credentials on the network, which could indicate exploitation of CVE-2022-43724 against SICAM PAS/PQS.
- Detect or alert on use of xp_cmdshell in SQL Server activity associated with SICAM PAS/PQS, as this feature is enabled by default and is the mechanism for OS command execution post-credential capture.
- Flag unauthenticated remote connections to the SICAM PAS/PQS SQL server instance, especially from external or unexpected hosts, as exploitation requires no authentication once credentials are sniffed from cleartext traffic.
- xp_cmdshell is enabled by default in the inbuilt SQL server of SICAM PAS/PQS versions prior to V7.0, making OS command execution trivially achievable once credentials are obtained from cleartext traffic. This default-on feature significantly elevates risk.
- All versions of SICAM PAS/PQS prior to V7.0 are affected by the cleartext credential transmission issue (CVE-2022-43724). Versions from V7.0 up to (but not including) V8.06 are affected by related vulnerabilities (CVE-2022-43722, CVE-2022-43723).
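A read-only T-SQL audit for the xp_cmdshell and remote-connection checks listed above. This is an added example, not taken from Siemens, CISA or the sources quoted on this page. It assumes a sysadmin session on the product's inbuilt SQL Server instance, and the column aliases are illustrative.

```sql
-- Added example: read-only audit of xp_cmdshell exposure and live connections.
-- Assumption: executed as a sysadmin on the SQL Server instance under review.
-- Nothing here changes configuration.

-- 1. Is xp_cmdshell configured, and is the setting in effect? (1 = enabled)
SELECT name,
       CAST(value AS int)        AS configured_value,
       CAST(value_in_use AS int) AS running_value
FROM sys.configurations
WHERE name = N'xp_cmdshell';

-- 2. Logins in the sysadmin role can call xp_cmdshell directly whenever it is
--    enabled. Any account whose password crosses the network in cleartext
--    should not appear in this list.
SELECT p.name, p.type_desc, p.is_disabled, p.modify_date
FROM sys.server_role_members AS rm
JOIN sys.server_principals  AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals  AS p ON p.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin';

-- 3. A proxy credential lets non-sysadmin logins run xp_cmdshell as the
--    Windows account named in credential_identity.
SELECT name, credential_identity, create_date, modify_date
FROM sys.credentials
WHERE name = N'##xp_cmdshell_proxy_account##';

-- 4. Current user sessions: which login, from which address, and whether the
--    connection to the instance is encrypted. Review rows whose
--    client_net_address is not an expected engineering or station host.
SELECT s.session_id, s.login_name, s.host_name, s.program_name,
       c.client_net_address, c.encrypt_option, c.auth_scheme, c.connect_time
FROM sys.dm_exec_sessions    AS s
JOIN sys.dm_exec_connections AS c ON c.session_id = s.session_id
WHERE s.is_user_process = 1
ORDER BY c.connect_time DESC;
```

A running_value of 1 in the first result together with sessions from unexpected addresses in the last is the combination the notes above describe.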
CISA ICS
Siemens SICAM PAS
cisa_ics·2022-12-15·CVSS 7.8
[HIGH] Siemens SICAM PAS
ICS Advisory
## Siemens SICAM PAS
Last Revised: December 15, 2022
Alert Code: ICSA-22-349-19
## 1. EXECUTIVE SUMMARY
- CVSS v3 8.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SICAM PAS
- Vulnerabilities: Uncontrolled Search Path Element, Improper Validation of Specified Type of Input, Cleartext Transmission of Sensitive Information
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could lead to remote code execution, privilege escalation, or the creation of a denial-of-service condition.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED
GHSA
GHSA-gpf3-4fw6-p76w: A vulnerability has been identified in SICAM PAS/PQS (All versions < V7
ghsa_unreviewed·2022-12-13
CVE-2022-43724 [CRITICAL] CWE-319 GHSA-gpf3-4fw6-p76w: A vulnerability has been identified in SICAM PAS/PQS (All versions < V7
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.