CVE-2021-45460
HIGHSICAM PQ Analyzer Firmware < 3.18 - Unquoted Service Path Hijacking
Title source: llmDescription
A vulnerability has been identified in SICAM PQ Analyzer (All versions < V3.18). A service is started by an unquoted registry entry. As there are spaces in this path, attackers with write privilege to those directories might be able to plant executables that will run in place of the legitimate process. Attackers might achieve persistence on the system ("backdoors") or cause a denial of service.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://cert-portal.siemens.com/productcert/pdf/ssa-173318.pdf
Scores
CVSS v3
8.1
EPSS
0.0083
EPSS Percentile
52.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Details
CWE
CWE-428
Status
published
Products (1)
siemens/sicam_pq_analyzer_firmware
< 3.18
Published
Jan 11, 2022
Tracked Since
Feb 18, 2026