3 matches found
CVE-2022-43724
A vulnerability has been identified in SICAM PAS/PQS All versions V7.0. Affected software transmits the database credentials for the inbuilt SQL server in cleartext. In combination with the by default enabled xpcmdshell feature unauthenticated remote attackers could execute custom OS commands. At...
CVE-2022-43724
CVE-2022-43724 affects Siemens SICAM PAS/PQS prior to V7.0. The vulnerability arises because the software transmits database credentials for the built-in SQL server in cleartext, and with default-enabled xp_cmdshell, an unauthenticated remote attacker could execute arbitrary OS commands. The issu...
Siemens SICAM PAS
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SICAM PAS Vulnerabilities: Uncontrolled Search Path Element, Improper Validation of Specified Type of Input, Cleartext Transmission of Sensitive Information 2. RISK EVALUATION...