CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45205
https://notcve.org/view.php?id=CVE-2023-45205
A vulnerability has been identified in SICAM PAS/PQS (All versions >= V8.00 < V8.20). The affected application is installed with specific files and folders with insecure permissions. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges to `NT AUTHORITY/SYSTEM`. Se ha identificado una vulnerabilidad en SICAM PAS/PQS (Todas las versiones >= V8.00 < V8.20). La aplicación afectada se instala con archivos y carpetas específicos con permisos inseguros. • https://cert-portal.siemens.com/productcert/pdf/ssa-035466.pdf https://cert-portal.siemens.com/productcert/html/ssa-035466.html • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.6EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38640
https://notcve.org/view.php?id=CVE-2023-38640
A vulnerability has been identified in SICAM PAS/PQS (All versions >= V8.00 < V8.22). The affected application is installed with specific files and folders with insecure permissions. This could allow an authenticated local attacker to read and modify configuration data in the context of the application process. Se ha identificado una vulnerabilidad en SICAM PAS/PQS (Todas las versiones >= V8.00 < V8.22). La aplicación afectada se instala con archivos y carpetas específicos con permisos inseguros. • https://cert-portal.siemens.com/productcert/pdf/ssa-035466.pdf https://cert-portal.siemens.com/productcert/html/ssa-035466.html • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-43722
https://notcve.org/view.php?id=CVE-2022-43722
A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0). Affected software does not properly secure a folder containing library files. This could allow an attacker to place a custom malicious DLL in this folder which is then run with SYSTEM rights when a service is started that requires this DLL. At the time of assigning the CVE, the affected firmware version of the component has already been superseded by succeeding mainline versions. Se ha identificado una vulnerabilidad en SICAM PAS/PQS (Todas las versiones < V7.0). • https://cert-portal.siemens.com/productcert/pdf/ssa-849072.pdf • CWE-427: Uncontrolled Search Path Element •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-43724
https://notcve.org/view.php?id=CVE-2022-43724
A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0). Affected software transmits the database credentials for the inbuilt SQL server in cleartext. In combination with the by default enabled xp_cmdshell feature unauthenticated remote attackers could execute custom OS commands. At the time of assigning the CVE, the affected firmware version of the component has already been superseded by succeeding mainline versions. Se ha identificado una vulnerabilidad en SICAM PAS/PQS (Todas las versiones < V7.0). • https://cert-portal.siemens.com/productcert/pdf/ssa-849072.pdf • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-43723
https://notcve.org/view.php?id=CVE-2022-43723
A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0), SICAM PAS/PQS (All versions >= 7.0 < V8.06). Affected software does not properly validate the input for a certain parameter in the s7ontcp.dll. This could allow an unauthenticated remote attacker to send messages and create a denial of service condition as the application crashes. At the time of assigning the CVE, the affected firmware version of the component has already been superseded by succeeding mainline versions. Se ha identificado una vulnerabilidad en SICAM PAS/PQS (Todas las versiones < V7.0), SICAM PAS/PQS (Todas las versiones >= 7.0 < V8.06). • https://cert-portal.siemens.com/productcert/pdf/ssa-849072.pdf • CWE-20: Improper Input Validation CWE-1287: Improper Validation of Specified Type of Input •