Siemens Sicam Paspqs
By the Year
In 2024 there have been 0 vulnerabilities in Siemens Sicam Paspqs . Last year Sicam Paspqs had 2 security vulnerabilities published. Right now, Sicam Paspqs is on track to have less security vulnerabilities in 2024 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 2 | 6.10 |
| 2022 | 3 | 8.37 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 1 | 7.80 |
It may take a day or so for new Sicam Paspqs vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Siemens Sicam Paspqs Security Vulnerabilities
A vulnerability has been identified in SICAM PAS/PQS (All versions >= V8.00 < V8.20)
CVE-2023-45205
7.8 - High
- October 10, 2023
A vulnerability has been identified in SICAM PAS/PQS (All versions >= V8.00 < V8.20). The affected application is installed with specific files and folders with insecure permissions. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges to `NT AUTHORITY/SYSTEM`.
Incorrect Permission Assignment for Critical Resource
A vulnerability has been identified in SICAM PAS/PQS (All versions >= V8.00 < V8.22)
CVE-2023-38640
4.4 - Medium
- October 10, 2023
A vulnerability has been identified in SICAM PAS/PQS (All versions >= V8.00 < V8.22). The affected application is installed with specific files and folders with insecure permissions. This could allow an authenticated local attacker to read and modify configuration data in the context of the application process.
Incorrect Permission Assignment for Critical Resource
A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0)
CVE-2022-43724
9.8 - Critical
- December 13, 2022
A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0). Affected software transmits the database credentials for the inbuilt SQL server in cleartext. In combination with the by default enabled xp_cmdshell feature unauthenticated remote attackers could execute custom OS commands. At the time of assigning the CVE, the affected firmware version of the component has already been superseded by succeeding mainline versions.
Cleartext Transmission of Sensitive Information
A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0), SICAM PAS/PQS (All versions >= 7.0 < V8.06)
CVE-2022-43723
7.5 - High
- December 13, 2022
A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0), SICAM PAS/PQS (All versions >= 7.0 < V8.06). Affected software does not properly validate the input for a certain parameter in the s7ontcp.dll. This could allow an unauthenticated remote attacker to send messages and create a denial of service condition as the application crashes. At the time of assigning the CVE, the affected firmware version of the component has already been superseded by succeeding mainline versions.
Improper Input Validation
A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0)
CVE-2022-43722
7.8 - High
- December 13, 2022
A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0). Affected software does not properly secure a folder containing library files. This could allow an attacker to place a custom malicious DLL in this folder which is then run with SYSTEM rights when a service is started that requires this DLL. At the time of assigning the CVE, the affected firmware version of the component has already been superseded by succeeding mainline versions.
DLL preloading
A vulnerability has been identified in IEC 61850 system configurator (All versions < V5.80)
CVE-2018-4858
7.8 - High
- July 09, 2018
A vulnerability has been identified in IEC 61850 system configurator (All versions < V5.80), DIGSI 5 (affected as IEC 61850 system configurator is incorporated) (All versions < V7.80), DIGSI 4 (All versions < V4.93), SICAM PAS/PQS (All versions < V8.11), SICAM PQ Analyzer (All versions < V3.11), SICAM SCC (All versions < V9.02 HF3). A service of the affected products listening on all of the host's network interfaces on either port 4884/TCP, 5885/TCP, or port 5886/TCP could allow an attacker to either exfiltrate limited data from the system or to execute code with Microsoft Windows user permissions. Successful exploitation requires an attacker to be able to send a specially crafted network request to the vulnerable service and a user interacting with the service's client application on the host. In order to execute arbitrary code with Microsoft Windows user permissions, an attacker must be able to plant the code in advance on the host by other means. The vulnerability has limited impact to confidentiality and integrity of the affected system. At the time of advisory publication no public exploitation of this security vulnerability was known. Siemens confirms the security vulnerability and provides mitigations to resolve the security issue.
An issue was discovered in Siemens SICAM PAS before 8.00
CVE-2016-8567
9.8 - Critical
- February 13, 2017
An issue was discovered in Siemens SICAM PAS before 8.00. A factory account with hard-coded passwords is present in the SICAM PAS installations. Attackers might gain privileged access to the database over Port 2638/TCP.
Use of Hard-coded Credentials
An issue was discovered in Siemens SICAM PAS before 8.00
CVE-2016-8566
7.8 - High
- February 13, 2017
An issue was discovered in Siemens SICAM PAS before 8.00. Because of Storing Passwords in a Recoverable Format, an authenticated local attacker with certain privileges could possibly reconstruct the passwords of users for accessing the database.
Credentials Management Errors
A vulnerability in Siemens SICAM PAS (all versions before V8.09) could
CVE-2016-9157
9.8 - Critical
- December 05, 2016
A vulnerability in Siemens SICAM PAS (all versions before V8.09) could allow a remote attacker to cause a Denial of Service condition and potentially lead to unauthenticated remote code execution by sending specially crafted packets to port 19234/TCP.
Improper Input Validation
A vulnerability in Siemens SICAM PAS (all versions before V8.09) could
CVE-2016-9156
7.3 - High
- December 05, 2016
A vulnerability in Siemens SICAM PAS (all versions before V8.09) could allow a remote attacker to upload, download, or delete files in certain parts of the file system by sending specially crafted packets to port 19235/TCP.
Improper Input Validation
Siemens SICAM PAS through 8.07
CVE-2016-5849
2.5 - Low
- July 04, 2016
Siemens SICAM PAS through 8.07 allows local users to obtain sensitive configuration information by leveraging database stoppage.
Information Disclosure
Siemens SICAM PAS before 8.07 does not properly restrict password data in the database
CVE-2016-5848
6.7 - Medium
- July 04, 2016
Siemens SICAM PAS before 8.07 does not properly restrict password data in the database, which makes it easier for local users to calculate passwords by leveraging unspecified database privileges.
Credentials Management Errors
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Siemens Sicam Paspqs or by Siemens? Click the Watch button to subscribe.
