CVE-2022-43722

HIGH

SICAM PAS/PQS < V7.0 - Code Injection

Title source: llm

Description

A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0). Affected software does not properly secure a folder containing library files. This could allow an attacker to place a custom malicious DLL in this folder which is then run with SYSTEM rights when a service is started that requires this DLL. At the time of assigning the CVE, the affected firmware version of the component has already been superseded by succeeding mainline versions.

References (1)

[Patch, Vendor Advisory] https://cert-portal.siemens.com/productcert/pdf/ssa-849072.pdf

Scores

CVSS v3 7.8

EPSS 0.0006

EPSS Percentile 17.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-427

Status published

Affected Products (1)

siemens/sicam_pas\/pqs < 7.0

Timeline

Published Dec 13, 2022

Tracked Since Feb 18, 2026