Description
A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0). Affected software does not properly secure a folder containing library files. This could allow an attacker to place a custom malicious DLL in this folder which is then run with SYSTEM rights when a service is started that requires this DLL. At the time of assigning the CVE, the affected firmware version of the component has already been superseded by succeeding mainline versions.
References (1)
Core 1
Core References
Patch, Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-849072.pdf
Scores
CVSS v3
7.8
EPSS
0.0006
EPSS Percentile
17.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-427
Status
published
Products (1)
siemens/sicam_pas\/pqs
< 7.0
Published
Dec 13, 2022
Tracked Since
Feb 18, 2026