cbcvebase.

Siemens Sicam Pas Pqs vulnerabilities

12 known vulnerabilities affecting siemens/sicam_pas_pqs.

Total CVEs
12
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH6MEDIUM2LOW1

Vulnerabilities

Page 1 of 1
CVE-2022-43724P2CRITICALCVSS 9.8fixed in 7.0vAll versions < V7.02022-12-13
CVE-2022-43724 [CRITICAL] CWE-319 CVE-2022-43724: A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0). Affected software transm A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0). Affected software transmits the database credentials for the inbuilt SQL server in cleartext. In combination with the by default enabled xp_cmdshell feature unauthenticated remote attackers could execute custom OS commands. At the time of assigning the CVE, the affected fi
nvd
CVE-2016-9157P3CRITICALCVSS 9.8fixed in 8.092016-12-05
CVE-2016-9157 [CRITICAL] CWE-20 CVE-2016-9157: A vulnerability in Siemens SICAM PAS (all versions before V8.09) could allow a remote attacker to ca A vulnerability in Siemens SICAM PAS (all versions before V8.09) could allow a remote attacker to cause a Denial of Service condition and potentially lead to unauthenticated remote code execution by sending specially crafted packets to port 19234/TCP.
nvd
CVE-2016-8567P3CRITICALCVSS 9.8fixed in 8.002017-02-13
CVE-2016-8567 [CRITICAL] CWE-798 CVE-2016-8567: An issue was discovered in Siemens SICAM PAS before 8.00. A factory account with hard-coded password An issue was discovered in Siemens SICAM PAS before 8.00. A factory account with hard-coded passwords is present in the SICAM PAS installations. Attackers might gain privileged access to the database over Port 2638/TCP.
nvd
CVE-2016-9156P3HIGHCVSS 7.3fixed in 8.092016-12-05
CVE-2016-9156 [HIGH] CWE-20 CVE-2016-9156: A vulnerability in Siemens SICAM PAS (all versions before V8.09) could allow a remote attacker to up A vulnerability in Siemens SICAM PAS (all versions before V8.09) could allow a remote attacker to upload, download, or delete files in certain parts of the file system by sending specially crafted packets to port 19235/TCP.
nvd
CVE-2018-4858P3HIGHCVSS 7.8fixed in 8.112018-07-09
CVE-2018-4858 [HIGH] CWE-284 CVE-2018-4858: A vulnerability has been identified in IEC 61850 system configurator (All versions < V5.80), DIGSI 5 A vulnerability has been identified in IEC 61850 system configurator (All versions < V5.80), DIGSI 5 (affected as IEC 61850 system configurator is incorporated) (All versions < V7.80), DIGSI 4 (All versions < V4.93), SICAM PAS/PQS (All versions < V8.11), SICAM PQ Analyzer (All versions < V3.11), SICAM SCC (All versions < V9.02 HF3). A service of the aff
nvd
CVE-2022-43723P3HIGHCVSS 7.5≥ 7.0, < 8.06vAll versions < V7.0+1 more2022-12-13
CVE-2022-43723 [HIGH] CWE-1287 CVE-2022-43723: A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0), SICAM PAS/PQS (All versi A vulnerability has been identified in SICAM PAS/PQS (All versions = 7.0 < V8.06). Affected software does not properly validate the input for a certain parameter in the s7ontcp.dll. This could allow an unauthenticated remote attacker to send messages and create a denial of service condition as the application crashes. At the time of assigning the CVE
nvd
CVE-2023-45205P3HIGHCVSS 7.8≥ 8.00, < 8.20≥ V8.00, < V8.202023-10-10
CVE-2023-45205 [HIGH] CWE-732 CVE-2023-45205: A vulnerability has been identified in SICAM PAS/PQS (All versions >= V8.00 < V8.20). The affected a A vulnerability has been identified in SICAM PAS/PQS (All versions >= V8.00 < V8.20). The affected application is installed with specific files and folders with insecure permissions. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges to `NT AUTHORITY/SYSTEM`.
nvd
CVE-2022-43722P3HIGHCVSS 7.8fixed in 7.0vAll versions < V7.02022-12-13
CVE-2022-43722 [HIGH] CWE-427 CVE-2022-43722: A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0). Affected software does n A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0). Affected software does not properly secure a folder containing library files. This could allow an attacker to place a custom malicious DLL in this folder which is then run with SYSTEM rights when a service is started that requires this DLL. At the time of assigning the CVE, th
nvd
CVE-2016-8566P4HIGHCVSS 7.8fixed in 8.002017-02-13
CVE-2016-8566 [HIGH] CWE-255 CVE-2016-8566: An issue was discovered in Siemens SICAM PAS before 8.00. Because of Storing Passwords in a Recovera An issue was discovered in Siemens SICAM PAS before 8.00. Because of Storing Passwords in a Recoverable Format, an authenticated local attacker with certain privileges could possibly reconstruct the passwords of users for accessing the database.
nvd
CVE-2016-5848P4MEDIUMCVSS 6.7≤ 8.072016-07-04
CVE-2016-5848 [MEDIUM] CWE-200 CVE-2016-5848: Siemens SICAM PAS before 8.07 does not properly restrict password data in the database, which makes Siemens SICAM PAS before 8.07 does not properly restrict password data in the database, which makes it easier for local users to calculate passwords by leveraging unspecified database privileges.
nvd
CVE-2023-38640P4MEDIUMCVSS 4.4≥ 8.00, < 8.22≥ V8.00, < V8.222023-10-10
CVE-2023-38640 [MEDIUM] CWE-732 CVE-2023-38640: A vulnerability has been identified in SICAM PAS/PQS (All versions >= V8.00 < V8.22). The affected a A vulnerability has been identified in SICAM PAS/PQS (All versions >= V8.00 < V8.22). The affected application is installed with specific files and folders with insecure permissions. This could allow an authenticated local attacker to read and modify configuration data in the context of the application process.
nvd
CVE-2016-5849P4LOWCVSS 2.5≤ 8.072016-07-04
CVE-2016-5849 [LOW] CWE-200 CVE-2016-5849: Siemens SICAM PAS through 8.07 allows local users to obtain sensitive configuration information by l Siemens SICAM PAS through 8.07 allows local users to obtain sensitive configuration information by leveraging database stoppage.
nvd
Siemens Sicam Pas Pqs vulnerabilities | cvebase