CVE-2022-43724
CVSS V2 None
CVSS V3 None
Description
A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0). Affected software transmits the database credentials for the inbuilt SQL server in cleartext. In combination with the by default enabled xp_cmdshell feature unauthenticated remote attackers could execute custom OS commands. At the time of assigning the CVE, the affected firmware version of the component has already been superseded by succeeding mainline versions.
Overview
- CVE ID
- CVE-2022-43724
- Assigner
- productcert@siemens.com
- Vulnerability Status
- Analyzed
- Published Version
- 2022-12-13T16:15:24
- Last Modified Date
- 2022-12-15T20:02:00
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:siemens:sicam_pas:*:*:*:*:*:*:*:* | 1 | OR | 7.0 | |
| cpe:2.3:a:siemens:sicam_pqs:*:*:*:*:*:*:*:* | 1 | OR | 7.0 |
References
| Reference URL | Reference Tags |
|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-849072.pdf |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2022-43724 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43724 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-12-13 16:18:30 | Added to TrackCVE | |||
| 2022-12-13 17:21:57 | 2022-12-13T16:15:24.327 | 2022-12-13T16:15:24 | CVE Published Date | updated |
| 2022-12-13 17:21:57 | 2022-12-13T17:15:17 | CVE Modified Date | updated | |
| 2022-12-13 17:21:57 | Received | Awaiting Analysis | Vulnerability Status | updated |
| 2022-12-13 17:21:57 | A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0). Affected software transmits the database credentials for the inbuilt SQL server in cleartext. In combination with the by default enabled xp_cmdshell feature unauthenticated remote attackers could execute custom OS commands. At the time of assigning the CVE, the affected firmware version of the component has already been superseded by succeeding mainline versions. | A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0). Affected software transmits the database credentials for the inbuilt SQL server in cleartext. In combination with the by default enabled xp_cmdshell feature unauthenticated remote attackers could execute custom OS commands. At the time of assigning the CVE, the affected firmware version of the component has already been superseded by succeeding mainline versions. | Description | updated |
| 2022-12-15 16:18:05 | Awaiting Analysis | Undergoing Analysis | Vulnerability Status | updated |
| 2022-12-15 20:14:59 | 2022-12-15T20:02:00 | CVE Modified Date | updated | |
| 2022-12-15 20:14:59 | Undergoing Analysis | Analyzed | Vulnerability Status | updated |
| 2022-12-15 20:14:59 | CWE-319 | Weakness Enumeration | new | |
| 2022-12-15 20:14:59 | CPE Information | updated |