Insecure Permissions in SICAM PAS/PQS by Siemens
CVE-2023-38640

4.4MEDIUM

Key Information:

Vendor: Siemens
Status: Sicam Pas/pqs
Vendor: CVE Published:; 10 October 2023

Summary

A vulnerability has been discovered in SICAM PAS/PQS, where specific files and folders are configured with insecure permissions. This allows an authenticated local attacker the potential to read and alter configuration data within the application process. Proper permission settings and rigorous audits of file access are essential to mitigate this risk and protect sensitive configuration data from unauthorized modifications.

Affected Version(s)

SICAM PAS/PQS V8.00

References

https://cert-portal.siemens.com/productcert/pdf/ssa-03546...

https://cert-portal.siemens.com/productcert/html/ssa-0354...

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 10, 2023
Vulnerability Reserved
Jul 21, 2023