CVE-2016-8567
https://notcve.org/view.php?id=CVE-2016-8567
An issue was discovered in Siemens SICAM PAS before 8.00. A factory account with hard-coded passwords is present in the SICAM PAS installations. Attackers might gain privileged access to the database over port 2638/TCP.
• http://www.securityfocus.com/bid/94549
• https://ics-cert.us-cert.gov/advisories/ICSA-16-336-01
• CWE-798: Use of Hard-coded Credentials
CVE-2016-9157
https://notcve.org/view.php?id=CVE-2016-9157
A vulnerability in Siemens SICAM PAS (all versions before V8.09) could allow a remote attacker to cause a Denial of Service condition and potentially lead to unauthenticated remote code execution by sending specially crafted packets to port 19234/TCP.
• http://www.securityfocus.com/bid/94549
• http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-946325.pdf
• CWE-20: Improper Input Validation
• CWE-284: Improper Access Control
CVE-2016-9156
https://notcve.org/view.php?id=CVE-2016-9156
A vulnerability in Siemens SICAM PAS (all versions before V8.09) could allow a remote attacker to upload, download, or delete files in certain parts of the file system by sending specially crafted packets to port 19235/TCP.
• http://www.securityfocus.com/bid/94549
• http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-946325.pdf
• CWE-20: Improper Input Validation
• CWE-284: Improper Access Control
CVE-2016-5848
https://notcve.org/view.php?id=CVE-2016-5848
Siemens SICAM PAS before 8.07 does not properly restrict password data in the database, which makes it easier for local users to calculate passwords by leveraging unspecified database privileges.
• http://www.securityfocus.com/bid/91525
• http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-444217.pdf
• https://ics-cert.us-cert.gov/advisories/ICSA-16-182-02
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
• CWE-255: Credentials Management Errors
CVE-2016-5849
https://notcve.org/view.php?id=CVE-2016-5849
Siemens SICAM PAS through 8.07 allows local users to obtain sensitive configuration information by leveraging database stoppage.
• http://www.securityfocus.com/bid/91525
• http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-444217.pdf
• https://ics-cert.us-cert.gov/advisories/ICSA-16-182-02
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor