Description
Siemens SICAM PAS before 8.07 does not properly restrict password data in the database, which makes it easier for local users to calculate passwords by leveraging unspecified database privileges.
References (3)
Core 3
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-16-182-02
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/91525
Vendor Advisory x_refsource_confirm
http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-444217.pdf
Scores
CVSS v3
6.7
EPSS
0.0014
EPSS Percentile
33.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-200
CWE-255
Status
published
Products (1)
siemens/sicam_pas\/pqs
< 8.07
Published
Jul 04, 2016
Tracked Since
Feb 18, 2026