Insecure Permissions in SICAM PAS/PQS by Siemens
CVE-2023-45205
7.8HIGH
Summary
A significant vulnerability has been identified in SICAM PAS/PQS software, affecting all versions from V8.00 to just below V8.20. The issue arises from insecure file and folder permissions within the application, which may allow an authenticated local attacker to inject arbitrary code. This exploitation could lead to an elevated privilege scenario, potentially granting the attacker access to the NT AUTHORITY/SYSTEM
level, thereby compromising the security integrity of the affected system. It is crucial for users of these versions to evaluate their configurations and apply appropriate mitigations to safeguard against potential exploitation.
Affected Version(s)
SICAM PAS/PQS V8.00
References
CVSS V3.1
Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved