CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

A vulnerability has been identified in SICAM PAS/PQS All versions = V8.00 V8.20. The affected application is installed with specific files and folders with insecure permissions. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges to NT AUTHORITY/SYSTE...

7.8CVSS7AI score0.00162EPSS

Exploits0

RedhatCVE•added 2025/05/23 2:19 a.m.•4 views

CVE-2023-38640

A vulnerability has been identified in SICAM PAS/PQS All versions = V8.00 V8.22. The affected application is installed with specific files and folders with insecure permissions. This could allow an authenticated local attacker to read and modify configuration data in the context of the applicatio...

6.6CVSS6.2AI score0.00149EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 12:13 a.m.•5 views

CVE-2022-43724

A vulnerability has been identified in SICAM PAS/PQS All versions V7.0. Affected software transmits the database credentials for the inbuilt SQL server in cleartext. In combination with the by default enabled xpcmdshell feature unauthenticated remote attackers could execute custom OS commands. At...

9.8CVSS8AI score0.00622EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 12:13 a.m.•2 views

CVE-2022-43723

A vulnerability has been identified in SICAM PAS/PQS All versions = 7.0 V8.06. Affected software does not properly validate the input for a certain parameter in the s7ontcp.dll. This could allow an unauthenticated remote attacker to send messages and create a denial of service condition as the...

7.5CVSS7.1AI score0.00919EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 11:57 p.m.•3 views

CVE-2022-43722

A vulnerability has been identified in SICAM PAS/PQS All versions V7.0. Affected software does not properly secure a folder containing library files. This could allow an attacker to place a custom malicious DLL in this folder which is then run with SYSTEM rights when a service is started that...

7.8CVSS6.7AI score0.00217EPSS

Exploits0References1

BDU FSTEC•added 2023/10/21 12:0 a.m.•5 views

The vulnerability of the SICAM PAS/PQS automation software for controlling electrical energy facilities lies in the improper assignment of permissions for critical resources during the verification of the certificate signing request. This allows a violator to read and modify these configuration data within the context of the application process.

The vulnerability of the SICAM PAS/PQS software for automating control systems in electrical energy facilities is related to the incorrect assignment of permissions to critical resources. Exploiting this vulnerability could allow an attacker to read and modify configuration data during the...

6.6CVSS5.5AI score0.00149EPSS

Exploits0References2Affected Software1

CNVD•added 2023/10/12 12:0 a.m.•21 views

Siemens SICAM PAS/PQS Incorrect Privilege Assignment Vulnerability (CNVD-2023-75593)

Siemens SICAM PAS/PQS is a software from Siemens with an operating system for energy automation and power quality. Siemens SICAM PAS/PQS suffers from an incorrect privilege assignment vulnerability that can be exploited to inject arbitrary code and elevate privileges to NT AUTHORITY/SYSTEM...

7.8CVSS7.4AI score0.00162EPSS

Exploits0References1