Details of VAR-202212-1159

ID

VAR-202212-1159

CVE

CVE-2022-43722

TITLE

Siemens' sicam pas/pqs Vulnerability regarding uncontrolled search path elements in

Trust: 0.8

sources: JVNDB: JVNDB-2022-023210

DESCRIPTION

A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0). Affected software does not properly secure a folder containing library files. This could allow an attacker to place a custom malicious DLL in this folder which is then run with SYSTEM rights when a service is started that requires this DLL. At the time of assigning the CVE, the affected firmware version of the component has already been superseded by succeeding mainline versions. Siemens' sicam pas/pqs Exists in a vulnerability in an element of an uncontrolled search path.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siemens SICAM PAS/PQS is a software of Siemens with an operating system for energy automation and power quality. There is a security hole in Siemens SICAM PAS/PQS versions before V7.0, which stems from the failure to properly protect the containing folder

Trust: 2.25

sources: NVD: CVE-2022-43722 // JVNDB: JVNDB-2022-023210 // CNVD: CNVD-2022-89761 // VULHUB: VHN-440859

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-89761

AFFECTED PRODUCTS

vendor:	siemens	model:	sicam pas\/pqs	scope:	lt	version:	7.0	Trust: 1.0
vendor:	シーメンス	model:	sicam pas/pqs	scope:	eq	version:	-	Trust: 0.8
vendor:	シーメンス	model:	sicam pas/pqs	scope:	-	version:	-	Trust: 0.8
vendor:	シーメンス	model:	sicam pas/pqs	scope:	eq	version:	7.0	Trust: 0.8
vendor:	siemens	model:	sicam pas/pqs	scope:	lt	version:	v7.0	Trust: 0.6

sources: CNVD: CNVD-2022-89761 // JVNDB: JVNDB-2022-023210 // NVD: CVE-2022-43722

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-43722
value:	HIGH
Trust: 1.0
NVD:	CVE-2022-43722
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2022-89761
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202212-3100
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2022-89761
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2022-43722
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2022-43722
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2022-89761 // JVNDB: JVNDB-2022-023210 // CNNVD: CNNVD-202212-3100 // NVD: CVE-2022-43722

PROBLEMTYPE DATA

problemtype:	CWE-427	Trust: 1.1
problemtype:	Uncontrolled search path elements (CWE-427) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-440859 // JVNDB: JVNDB-2022-023210 // NVD: CVE-2022-43722

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202212-3100

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202212-3100

PATCH

title:	Patch for Siemens SICAM PAS/PQS Uncontrolled Search Path Element Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/380781	Trust: 0.6
title:	Siemens SICAM PAS/PQS Fixes for code issue vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=217839	Trust: 0.6

sources: CNVD: CNVD-2022-89761 // CNNVD: CNNVD-202212-3100

EXTERNAL IDS

db:	NVD	id:	CVE-2022-43722	Trust: 3.9
db:	SIEMENS	id:	SSA-849072	Trust: 3.1
db:	ICS CERT	id:	ICSA-22-349-19	Trust: 0.8
db:	JVN	id:	JVNVU91561630	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-023210	Trust: 0.8
db:	CNVD	id:	CNVD-2022-89761	Trust: 0.6
db:	CNNVD	id:	CNNVD-202212-3100	Trust: 0.6
db:	VULHUB	id:	VHN-440859	Trust: 0.1

sources: CNVD: CNVD-2022-89761 // VULHUB: VHN-440859 // JVNDB: JVNDB-2022-023210 // CNNVD: CNNVD-202212-3100 // NVD: CVE-2022-43722

REFERENCES

url:	https://cert-portal.siemens.com/productcert/pdf/ssa-849072.pdf	Trust: 3.1
url:	https://jvn.jp/vu/jvnvu91561630/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-43722	Trust: 0.8
url:	https://www.cisa.gov/news-events/ics-advisories/icsa-22-349-19	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-43722/	Trust: 0.6

sources: CNVD: CNVD-2022-89761 // VULHUB: VHN-440859 // JVNDB: JVNDB-2022-023210 // CNNVD: CNNVD-202212-3100 // NVD: CVE-2022-43722

SOURCES

db:	CNVD	id:	CNVD-2022-89761
db:	VULHUB	id:	VHN-440859
db:	JVNDB	id:	JVNDB-2022-023210
db:	CNNVD	id:	CNNVD-202212-3100
db:	NVD	id:	CVE-2022-43722

LAST UPDATE DATE

2024-08-14T12:08:45.729000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-89761	date:	2022-12-26T00:00:00
db:	VULHUB	id:	VHN-440859	date:	2022-12-15T00:00:00
db:	JVNDB	id:	JVNDB-2022-023210	date:	2023-11-28T03:05:00
db:	CNNVD	id:	CNNVD-202212-3100	date:	2022-12-16T00:00:00
db:	NVD	id:	CVE-2022-43722	date:	2023-10-17T19:05:34.467

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-89761	date:	2022-12-26T00:00:00
db:	VULHUB	id:	VHN-440859	date:	2022-12-13T00:00:00
db:	JVNDB	id:	JVNDB-2022-023210	date:	2023-11-28T00:00:00
db:	CNNVD	id:	CNNVD-202212-3100	date:	2022-12-13T00:00:00
db:	NVD	id:	CVE-2022-43722	date:	2022-12-13T16:15:24.070