A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0). Affected software transmits the database credentials for the inbuilt SQL server in cleartext. In combination with the by default enabled xp_cmdshell feature unauthenticated remote attackers could execute custom OS commands. At the time of assigning the CVE, the affected firmware version of the component has already been superseded by succeeding mainline versions.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HSiemens Sicam Pas\/pqs
APPSiemens< 7.0
Powiązane podatności
An issue was discovered in Siemens SICAM PAS before 8.00. A factory account with hard-coded passwords is prese...
A vulnerability in Siemens SICAM PAS (all versions before V8.09) could allow a remote attacker to cause a Deni...
A vulnerability has been identified in SICAM PAS/PQS (All versions >= V8.00 < V8.20). The affected application...
A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0). Affected software does not properl...
A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0), SICAM PAS/PQS (All versions >= 7.0...