Siemens SICAM PAS/SICAM PQS up to 6.x cleartext transmission
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.7 | $0-$5k | 0.00 |
Summary
A vulnerability described as problematic has been identified in Siemens SICAM PAS and SICAM PQS up to 6.x. Affected by this issue is some unknown functionality. Executing a manipulation can lead to cleartext transmission. This vulnerability appears as CVE-2022-43724. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is recommended.
Details
A vulnerability was found in Siemens SICAM PAS and SICAM PQS up to 6.x. It has been declared as problematic. This vulnerability affects an unknown code block. The manipulation with an unknown input leads to a cleartext transmission vulnerability. The CWE definition for the vulnerability is CWE-319. The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. As an impact it is known to affect confidentiality. CVE summarizes:
A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0). Affected software transmits the database credentials for the inbuilt SQL server in cleartext. In combination with the by default enabled xp_cmdshell feature unauthenticated remote attackers could execute custom OS commands. At the time of assigning the CVE, the affected firmware version of the component has already been superseded by succeeding mainline versions.
The weakness was presented 12/13/2022 as ssa-849072. The advisory is available at cert-portal.siemens.com. This vulnerability was named CVE-2022-43724 since 10/24/2022. The technical details are unknown and an exploit is not available. This vulnerability is assigned to T1040 by the MITRE ATT&CK project.
Upgrading to version 7.0 eliminates this vulnerability.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Product
Vendor
Name
Version
License
Website
- Vendor: https://www.siemens.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 6.7VulDB Meta Temp Score: 6.7
VulDB Base Score: 3.7
VulDB Temp Score: 3.6
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 9.8
NVD Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Cleartext transmissionCWE: CWE-319 / CWE-310
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: SICAM PAS/SICAM PQS 7.0
Timeline
10/24/2022 🔍12/13/2022 🔍
12/13/2022 🔍
01/07/2023 🔍
Sources
Vendor: siemens.comAdvisory: ssa-849072
Status: Confirmed
CVE: CVE-2022-43724 (🔍)
GCVE (CVE): GCVE-0-2022-43724
GCVE (VulDB): GCVE-100-215458
Entry
Created: 12/13/2022 18:48Updated: 01/07/2023 16:07
Changes: 12/13/2022 18:48 (40), 01/07/2023 16:07 (11)
Complete: 🔍
Cache ID: 216::103
If you want to get best quality of vulnerability data, you may have to visit VulDB.
No comments yet. Languages: en.
Please log in to comment.