Insecure Permissions in SICAM PAS/PQS by Siemens
CVE-2023-38640

4.4MEDIUM

Key Information:

Vendor: Siemens
Status: Sicam Pas/pqs
Vendor: CVE Published:; 10 October 2023

What is CVE-2023-38640?

A vulnerability has been discovered in SICAM PAS/PQS, where specific files and folders are configured with insecure permissions. This allows an authenticated local attacker the potential to read and alter configuration data within the application process. Proper permission settings and rigorous audits of file access are essential to mitigate this risk and protect sensitive configuration data from unauthorized modifications.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

SICAM PAS/PQS V8.00

References

https://cert-portal.siemens.com/productcert/pdf/ssa-03546...

https://cert-portal.siemens.com/productcert/html/ssa-0354...

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 10, 2023
Vulnerability Reserved
Jul 21, 2023

JSON

Siemens