CVE-2023-38640
Published 2023-10-10
Priority: P418 | medium | 4.4 (CVSS 3.1)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
EPSS: 0.15% (4.5th percentile)
A vulnerability has been identified in SICAM PAS/PQS (All versions >= V8.00 < V8.22). The affected application is installed with specific files and folders with insecure permissions. This could allow an authenticated local attacker to read and modify configuration data in the context of the application process.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | sicam_pas_pqs | >= 8.00 < 8.22 | 8.22 |
| siemens | sicam_pas_pqs | >= V8.00 < V8.22 | V8.22 |
GHSA
ghsa_unreviewed·2023-10-10
CVE-2023-38640 [MEDIUM] CWE-732 GHSA-vvhw-v3wp-4m8r: A vulnerability has been identified in SICAM PAS/PQS (All versions >= V8
A vulnerability has been identified in SICAM PAS/PQS (All versions >= V8.00 < V8.22). The affected application is installed with specific files and folders with insecure permissions. This could allow an authenticated local attacker to read and modify configuration data in the context of the application process.
CISA ICS
Siemens SICAM PAS/PQS
cisa_ics·2023-10-12·CVSS 6.6
[MEDIUM] Siemens SICAM PAS/PQS
ICS Advisory
## Siemens SICAM PAS/PQS
Release Date: October 12, 2023
Alert Code: ICSA-23-285-06
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
## 1. EXECUTIVE SUMMARY
- CVSS v3 6.6
- ATTENTION: Low attack complexity
- Vendor: Siemens
- Equipment: SICAM PAS/PQS
- Vulnerability: Incorrect Permission Assignment for Critical Resource
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to gain persistence or potentially escalate privileges in the conte
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.