148 matches found
CVE-2022-43724
A vulnerability has been identified in SICAM PAS/PQS All versions V7.0. Affected software transmits the database credentials for the inbuilt SQL server in cleartext. In combination with the by default enabled xpcmdshell feature unauthenticated remote attackers could execute custom OS commands. At...
CVE-2022-43723
A vulnerability has been identified in SICAM PAS/PQS All versions = 7.0 V8.06. Affected software does not properly validate the input for a certain parameter in the s7ontcp.dll. This could allow an unauthenticated remote attacker to send messages and create a denial of service condition as the...
CVE-2022-43724
A vulnerability has been identified in SICAM PAS/PQS All versions V7.0. Affected software transmits the database credentials for the inbuilt SQL server in cleartext. In combination with the by default enabled xpcmdshell feature unauthenticated remote attackers could execute custom OS commands. At...
CVE-2022-43722
A vulnerability has been identified in SICAM PAS/PQS All versions V7.0. Affected software does not properly secure a folder containing library files. This could allow an attacker to place a custom malicious DLL in this folder which is then run with SYSTEM rights when a service is started that...
PT-2022-27017 · Siemens · Sicam Pas/Pqs
Name of the Vulnerable Software and Affected Versions: SICAM PAS/PQS versions prior to 7.0 SICAM PAS/PQS versions 7.0 through 8.05 Description: A vulnerability has been identified in the affected software, where it does not properly validate the input for a certain parameter in the s7ontcp.dll...
Siemens SICAM PAS
1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SICAM PAS Vulnerabilities: Uncontrolled Search Path Element, Improper Validation of Specified Type of Input, Cleartext Transmission of Sensitive Information 2. RISK EVALUATION...
Hackers Exploit IT Monitoring Tool Centreon to Target Several French Entities
Russia-linked state-sponsored threat actor known as Sandworm has been linked to a three-year-long stealthy operation to hack targets by exploiting an IT monitoring tool called Centreon. The intrusion campaign — which breached "several French entities" — is said to have started in late 2017 and...
CVE-2020-10598
CVE-2020-10598 affects BD Pyxis MedStation ES System v1.6.1 and Pyxis Anesthesia (PAS) ES System v1.6.1. The issue is a restricted desktop environment escape in kiosk mode. Somelike crafted inputs could allow a user with access to escape the restricted environment and access sensitive data. The a...
CVE-2019-3777
Pivotal Application Service (PAS) versions 2.2.x before 2.2.12, 2.3.x before 2.3.7, and 2.4.x before 2.4.3 contain an apps manager that uses a Cloud Controller proxy which fails to verify SSL certificates. A remote unauthenticated attacker could hijack the Cloud Controller’s DNS record to interce...
Podcast: The Industrial World is Facing a Security Crisis
As more industrial systems become connected, so follows increased awareness of security issues surrounding industrial control systems, programmable logic controllers and SCADA. These once rare worlds of operational technology OT and IoT have now become part of the mainstream cybersecurity...
CVE-2018-4858
Siemens CVE-2018-4858 affects IEC 61850 system configurator family (IEC 61850 system configurator < v5.80; DIGSI 5 < v7.80; DIGSI 4 < v4.93; SICAM PAS/PQS < v8.11; SICAM PQ Analyzer < v3.11; SICAM SCC
CVE-2018-4858
A vulnerability has been identified in IEC 61850 system configurator All versions V5.80, DIGSI 5 affected as IEC 61850 system configurator is incorporated All versions V7.80, DIGSI 4 All versions V4.93, SICAM PAS/PQS All versions V8.11, SICAM PQ Analyzer All versions V3.11, SICAM SCC All versions...
PT-2018-16575 · Siemens +1 · Sicam Pas/Pqs +6
Name of the Vulnerable Software and Affected Versions: IEC 61850 system configurator versions prior to V5.80 DIGSI 5 versions prior to V7.80 DIGSI 4 versions prior to V4.93 SICAM PAS/PQS versions prior to V8.11 SICAM PQ Analyzer versions prior to V3.11 SICAM SCC versions prior to V9.02 HF3...
ICSA-18-317-01 Siemens IEC 61850 System Configurator, DIGSI 5, DIGSI 4, SICAM PAS/PQS, SICAM PQ Analyzer, and SICAM SCC
1. EXECUTIVE SUMMARY CVSS v3 4.2 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: IEC 61850 system configurator, DIGSI 5, DIGSI 4, SICAM PAS/PQS, SICAM PQ Analyzer, and SICAM SCC Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability...
The vulnerability of the software of Siemens SICAM PAS systems for power management and control involves insufficient protection of passwords in the databases, allowing attackers to calculate the passwords.
The vulnerability of the software in Siemens SICAM PAS systems for telecontrol and telemanagement is related to insufficient protection of passwords in the databases. Exploiting this vulnerability allows a malicious actor, operating locally, to calculate the passwords using certain privileges...
The vulnerability of the software in Siemens SICAM PAS systems for telecontrol and telemanagement in the electric energy sector lies in the insufficient protection of passwords in the databases, which allows attackers to calculate the passwords.
The vulnerability of the software in Siemens SICAM PAS systems for telecontrol and telemanagement is related to insufficient protection of passwords in the databases. Exploiting this vulnerability allows a malicious actor, operating locally, to calculate the passwords using certain privileges...
Open Source Full Featured Network Operating System: OpenSwitch
Open Source Full Featured Network Operating System OpenSwitch provides a fully-featured L2/L3 control plane stack, traditional and programmatic, declarative control plane. The 24×7 nature of global digital economy and the explosion of data have changed how we think about data center networking...
CVE-2016-8567
An issue was discovered in Siemens SICAM PAS before 8.00. A factory account with hard-coded passwords is present in the SICAM PAS installations. Attackers might gain privileged access to the database over Port 2638/TCP...
CVE-2016-8566
An issue was discovered in Siemens SICAM PAS before 8.00. Because of Storing Passwords in a Recoverable Format, an authenticated local attacker with certain privileges could possibly reconstruct the passwords of users for accessing the database...
CVE-2016-8567
An issue was discovered in Siemens SICAM PAS before 8.00. A factory account with hard-coded passwords is present in the SICAM PAS installations. Attackers might gain privileged access to the database over Port 2638/TCP...