Lucene search
K

148 matches found

Vulnrichment
Vulnrichment
added 2022/12/13 12:0 a.m.4 views

CVE-2022-43724

A vulnerability has been identified in SICAM PAS/PQS All versions V7.0. Affected software transmits the database credentials for the inbuilt SQL server in cleartext. In combination with the by default enabled xpcmdshell feature unauthenticated remote attackers could execute custom OS commands. At...

8.3AI score0.00622EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/12/13 12:0 a.m.8 views

CVE-2022-43723

A vulnerability has been identified in SICAM PAS/PQS All versions = 7.0 V8.06. Affected software does not properly validate the input for a certain parameter in the s7ontcp.dll. This could allow an unauthenticated remote attacker to send messages and create a denial of service condition as the...

7.6AI score0.00919EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/12/13 12:0 a.m.10 views

CVE-2022-43724

A vulnerability has been identified in SICAM PAS/PQS All versions V7.0. Affected software transmits the database credentials for the inbuilt SQL server in cleartext. In combination with the by default enabled xpcmdshell feature unauthenticated remote attackers could execute custom OS commands. At...

9.9AI score0.00622EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/12/13 12:0 a.m.15 views

CVE-2022-43722

A vulnerability has been identified in SICAM PAS/PQS All versions V7.0. Affected software does not properly secure a folder containing library files. This could allow an attacker to place a custom malicious DLL in this folder which is then run with SYSTEM rights when a service is started that...

7.5AI score0.00217EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/12/13 12:0 a.m.3 views

PT-2022-27017 · Siemens · Sicam Pas/Pqs

Name of the Vulnerable Software and Affected Versions: SICAM PAS/PQS versions prior to 7.0 SICAM PAS/PQS versions 7.0 through 8.05 Description: A vulnerability has been identified in the affected software, where it does not properly validate the input for a certain parameter in the s7ontcp.dll...

7.5CVSS7.5AI score0.00919EPSS
Exploits0References2
ICS
ICS
added 2022/12/13 12:0 a.m.39 views

Siemens SICAM PAS

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SICAM PAS Vulnerabilities: Uncontrolled Search Path Element, Improper Validation of Specified Type of Input, Cleartext Transmission of Sensitive Information 2. RISK EVALUATION...

9.8CVSS9.1AI score0.00919EPSS
Exploits0References11
The Hacker News
The Hacker News
added 2021/02/16 6:0 a.m.5 views

Hackers Exploit IT Monitoring Tool Centreon to Target Several French Entities

Russia-linked state-sponsored threat actor known as Sandworm has been linked to a three-year-long stealthy operation to hack targets by exploiting an IT monitoring tool called Centreon. The intrusion campaign — which breached "several French entities" — is said to have started in late 2017 and...

6AI score
Exploits0
CVE
CVE
added 2020/04/01 8:59 p.m.64 views

CVE-2020-10598

CVE-2020-10598 affects BD Pyxis MedStation ES System v1.6.1 and Pyxis Anesthesia (PAS) ES System v1.6.1. The issue is a restricted desktop environment escape in kiosk mode. Somelike crafted inputs could allow a user with access to escape the restricted environment and access sensitive data. The a...

6.1CVSS6.1AI score0.00334EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2019/03/07 7:0 p.m.43 views

CVE-2019-3777

Pivotal Application Service (PAS) versions 2.2.x before 2.2.12, 2.3.x before 2.3.7, and 2.4.x before 2.4.3 contain an apps manager that uses a Cloud Controller proxy which fails to verify SSL certificates. A remote unauthenticated attacker could hijack the Cloud Controller’s DNS record to interce...

9.8CVSS8.8AI score0.01908EPSS
Exploits0References2Affected Software1
ThreatPost
ThreatPost
added 2018/07/25 3:25 p.m.10 views

Podcast: The Industrial World is Facing a Security Crisis

As more industrial systems become connected, so follows increased awareness of security issues surrounding industrial control systems, programmable logic controllers and SCADA. These once rare worlds of operational technology OT and IoT have now become part of the mainstream cybersecurity...

1.4AI score
Exploits0References1
CVE
CVE
added 2018/07/09 7:0 p.m.79 views

CVE-2018-4858

Siemens CVE-2018-4858 affects IEC 61850 system configurator family (IEC 61850 system configurator < v5.80; DIGSI 5 < v7.80; DIGSI 4 < v4.93; SICAM PAS/PQS < v8.11; SICAM PQ Analyzer < v3.11; SICAM SCC

9.3CVSS7.5AI score0.01841EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2018/07/09 7:0 p.m.25 views

CVE-2018-4858

A vulnerability has been identified in IEC 61850 system configurator All versions V5.80, DIGSI 5 affected as IEC 61850 system configurator is incorporated All versions V7.80, DIGSI 4 All versions V4.93, SICAM PAS/PQS All versions V8.11, SICAM PQ Analyzer All versions V3.11, SICAM SCC All versions...

7.5AI score0.01841EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2018/07/09 12:0 a.m.5 views

PT-2018-16575 · Siemens +1 · Sicam Pas/Pqs +6

Name of the Vulnerable Software and Affected Versions: IEC 61850 system configurator versions prior to V5.80 DIGSI 5 versions prior to V7.80 DIGSI 4 versions prior to V4.93 SICAM PAS/PQS versions prior to V8.11 SICAM PQ Analyzer versions prior to V3.11 SICAM SCC versions prior to V9.02 HF3...

9.3CVSS7.7AI score0.01841EPSS
Exploits0References4
ICS
ICS
added 2018/06/26 12:0 a.m.603 views

ICSA-18-317-01 Siemens IEC 61850 System Configurator, DIGSI 5, DIGSI 4, SICAM PAS/PQS, SICAM PQ Analyzer, and SICAM SCC

1. EXECUTIVE SUMMARY CVSS v3 4.2 ATTENTION: Exploitable remotely Vendor: Siemens Equipment: IEC 61850 system configurator, DIGSI 5, DIGSI 4, SICAM PAS/PQS, SICAM PQ Analyzer, and SICAM SCC Vulnerability: Improper Access Control 2. RISK EVALUATION Successful exploitation of this vulnerability...

9.3CVSS7.8AI score0.01841EPSS
Exploits0References9
BDU FSTEC
BDU FSTEC
added 2017/10/05 12:0 a.m.6 views

The vulnerability of the software of Siemens SICAM PAS systems for power management and control involves insufficient protection of passwords in the databases, allowing attackers to calculate the passwords.

The vulnerability of the software in Siemens SICAM PAS systems for telecontrol and telemanagement is related to insufficient protection of passwords in the databases. Exploiting this vulnerability allows a malicious actor, operating locally, to calculate the passwords using certain privileges...

1.7CVSS6.6AI score0.00313EPSS
Exploits0References7Affected Software1
BDU FSTEC
BDU FSTEC
added 2017/10/05 12:0 a.m.5 views

The vulnerability of the software in Siemens SICAM PAS systems for telecontrol and telemanagement in the electric energy sector lies in the insufficient protection of passwords in the databases, which allows attackers to calculate the passwords.

The vulnerability of the software in Siemens SICAM PAS systems for telecontrol and telemanagement is related to insufficient protection of passwords in the databases. Exploiting this vulnerability allows a malicious actor, operating locally, to calculate the passwords using certain privileges...

2.1CVSS5.4AI score0.00317EPSS
Exploits0References6Affected Software1
n0where
n0where
added 2017/06/15 5:14 a.m.29 views

Open Source Full Featured Network Operating System: OpenSwitch

Open Source Full Featured Network Operating System OpenSwitch provides a fully-featured L2/L3 control plane stack, traditional and programmatic, declarative control plane. The 24×7 nature of global digital economy and the explosion of data have changed how we think about data center networking...

7.5AI score
Exploits0References4
OSV
OSV
added 2017/02/13 9:59 p.m.5 views

CVE-2016-8567

An issue was discovered in Siemens SICAM PAS before 8.00. A factory account with hard-coded passwords is present in the SICAM PAS installations. Attackers might gain privileged access to the database over Port 2638/TCP...

9.8CVSS5.8AI score0.01821EPSS
Exploits0References2
OSV
OSV
added 2017/02/13 9:59 p.m.4 views

CVE-2016-8566

An issue was discovered in Siemens SICAM PAS before 8.00. Because of Storing Passwords in a Recoverable Format, an authenticated local attacker with certain privileges could possibly reconstruct the passwords of users for accessing the database...

7.8CVSS5.8AI score0.00317EPSS
Exploits0References2
NVD
NVD
added 2017/02/13 9:59 p.m.20 views

CVE-2016-8567

An issue was discovered in Siemens SICAM PAS before 8.00. A factory account with hard-coded passwords is present in the SICAM PAS installations. Attackers might gain privileged access to the database over Port 2638/TCP...

9.8CVSS9.4AI score0.01821EPSS
Exploits0References2
Rows per page
Query Builder