Vulnerabilities > CVE-2023-38640 - Unspecified vulnerability in Siemens Sicam Pas/Pqs

CVSS 4.4 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

LOW

Availability impact

NONE

local

low complexity

siemens

NVD

Published: 2023-10-10

Updated: 2024-11-21

Summary

A vulnerability has been identified in SICAM PAS/PQS (All versions >= V8.00 < V8.22). The affected application is installed with specific files and folders with insecure permissions. This could allow an authenticated local attacker to read and modify configuration data in the context of the application process.

Vulnerable Configurations

Part	Description	Count
Application	Siemens Siemens Sicam Pas/Pqs 8.00 Siemens Sicam Pas/Pqs 8.06 Siemens Sicam Pas/Pqs 8.07 Siemens Sicam Pas/Pqs 8.08 Siemens Sicam Pas/Pqs 8.09 Siemens Sicam Pas/Pqs 8.11 Siemens Sicam Pas/Pqs 8.20	7

References

https://cert-portal.siemens.com/productcert/html/ssa-035466.html
https://cert-portal.siemens.com/productcert/html/ssa-035466.html
https://cert-portal.siemens.com/productcert/pdf/ssa-035466.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-035466.pdf