CVE-2016-5848

MEDIUM

Siemens SICAM PAS <8.07 - Info Disclosure

Title source: llm

Description

Siemens SICAM PAS before 8.07 does not properly restrict password data in the database, which makes it easier for local users to calculate passwords by leveraging unspecified database privileges.

References (3)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/91525

[Vendor Advisory] http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-444217.pdf

[Third Party Advisory, US Government Resource] https://ics-cert.us-cert.gov/advisories/ICSA-16-182-02

Scores

CVSS v3 6.7

EPSS 0.0014

EPSS Percentile 33.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-200 CWE-255

Status draft

Affected Products (1)

siemens/sicam_pas\/pqs < 8.07

Timeline

Published Jul 04, 2016

Tracked Since Feb 18, 2026