Denial of Service Vulnerability in SICAM PAS/PQS by Siemens
CVE-2022-43723
7.5 HIGH
Summary
A vulnerability has been discovered in the SICAM PAS/PQS software that affects the validation of input parameters in the s7ontcp.dll component. This flaw allows unauthenticated remote attackers to send crafted messages to the system, potentially causing a denial of service condition in which the application crashes. Users are advised to update to the latest software versions to mitigate this risk, as the affected versions have been rendered obsolete by subsequent releases.
Affected Version(s)
SICAM PAS/PQS All versions < V7.0
SICAM PAS/PQS All versions >= 7.0 < V8.06
CVSS V3.1
Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved