CVE-2022-43724
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0). Affected software transmits the database credentials for the inbuilt SQL server in cleartext. In combination with the by default enabled xp_cmdshell feature unauthenticated remote attackers could execute custom OS commands. At the time of assigning the CVE, the affected firmware version of the component has already been superseded by succeeding mainline versions.
Se ha identificado una vulnerabilidad en SICAM PAS/PQS (Todas las versiones < V7.0). El software afectado transmite las credenciales de la base de datos para el servidor SQL incorporado en texto plano. En combinación con la función xp_cmdshell habilitada de forma predeterminada, atacantes remotos no autenticados podrían ejecutar comandos personalizados del sistema operativo. En el momento de asignar el CVE, la versión de firmware afectada del componente ya ha sido reemplazada por versiones principales sucesivas.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-10-24 CVE Reserved
- 2022-12-13 CVE Published
- 2024-07-20 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-319: Cleartext Transmission of Sensitive Information
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-849072.pdf | 2023-10-17 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Siemens Search vendor "Siemens" | Sicam Pas\/pqs Search vendor "Siemens" for product "Sicam Pas\/pqs" | < 7.0 Search vendor "Siemens" for product "Sicam Pas\/pqs" and version " < 7.0" | - |
Affected
| ||||||