Library File Security Flaw in SICAM PAS/PQS by Siemens
CVE-2022-43722

7.8HIGH

Key Information:

Vendor: Siemens
Status: Sicam Pas/pqs
Vendor: CVE Published:; 13 December 2022

Summary

A vulnerability exists in the SICAM PAS/PQS systems due to insufficient security measures on a folder containing critical library files. This flaw enables attackers to inject malicious DLL files into the folder, which can be executed with SYSTEM rights when a service requiring the DLL is initiated. Consequently, there is a significant risk of unauthorized actions being performed on the system, potentially leading to severe consequences. Users are urged to update to the latest firmware version to mitigate this risk.

Affected Version(s)

SICAM PAS/PQS All versions < V7.0

References

https://cert-portal.siemens.com/productcert/pdf/ssa-84907...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Dec 13, 2022
Vulnerability Reserved
Oct 24, 2022