ID

VAR-202212-1160


CVE

CVE-2022-43724


TITLE

Siemens' sicam pas/pqs Vulnerability in plaintext transmission of important information in

Trust: 0.8

sources: JVNDB: JVNDB-2022-023208

DESCRIPTION

A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0). Affected software transmits the database credentials for the inbuilt SQL server in cleartext. In combination with the xp_cmdshell feature, which is enabled by default, unauthenticated remote attackers could execute custom OS commands. At the time of assigning the CVE, the affected firmware version of the component has already been superseded by succeeding mainline versions. Siemens' sicam pas/pqs contains a vulnerability in the transmission of important information in clear text. Information may be obtained or tampered with, and service operation may be interrupted (DoS). Siemens SICAM PAS/PQS is software from Siemens with an operating system for energy automation and power quality.

Trust: 2.25

sources: NVD: CVE-2022-43724 // JVNDB: JVNDB-2022-023208 // CNVD: CNVD-2022-89759 // VULHUB: VHN-440861

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-89759

AFFECTED PRODUCTS

vendor: siemens, model: sicam pas/pqs, scope: lt, version: 7.0

Trust: 1.0

vendor: Siemens, model: sicam pas/pqs, scope: eq, version: -

Trust: 0.8

vendor: Siemens, model: sicam pas/pqs, scope: -, version: -

Trust: 0.8

vendor: Siemens, model: sicam pas/pqs, scope: eq, version: 7.0

Trust: 0.8

vendor: siemens, model: sicam pas/pqs, scope: lt, version: v7.0

Trust: 0.6

sources: CNVD: CNVD-2022-89759 // JVNDB: JVNDB-2022-023208 // NVD: CVE-2022-43724

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-43724
value: CRITICAL

Trust: 1.0

NVD: CVE-2022-43724
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2022-89759
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202212-3099
value: CRITICAL

Trust: 0.6

CNVD: CNVD-2022-89759
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2022-43724
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2022-43724
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2022-89759 // JVNDB: JVNDB-2022-023208 // CNNVD: CNNVD-202212-3099 // NVD: CVE-2022-43724

PROBLEMTYPE DATA

problemtype: CWE-319

Trust: 1.1

problemtype: Cleartext transmission of sensitive information (CWE-319) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-440861 // JVNDB: JVNDB-2022-023208 // NVD: CVE-2022-43724

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202212-3099

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202212-3099

PATCH

title: Patch for Siemens SICAM PAS/PQS Sensitive Information Plaintext Transmission Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/380771

Trust: 0.6

title: Siemens SICAM PAS/PQS Security vulnerabilities
url: http://123.124.177.30/web/xxk/bdxqById.tag?id=217838

Trust: 0.6

sources: CNVD: CNVD-2022-89759 // CNNVD: CNNVD-202212-3099

EXTERNAL IDS

db: NVD, id: CVE-2022-43724

Trust: 3.9

db: SIEMENS, id: SSA-849072

Trust: 3.1

db: ICS CERT, id: ICSA-22-349-19

Trust: 0.8

db: JVN, id: JVNVU91561630

Trust: 0.8

db: JVNDB, id: JVNDB-2022-023208

Trust: 0.8

db: CNVD, id: CNVD-2022-89759

Trust: 0.6

db: CNNVD, id: CNNVD-202212-3099

Trust: 0.6

db: VULHUB, id: VHN-440861

Trust: 0.1

sources: CNVD: CNVD-2022-89759 // VULHUB: VHN-440861 // JVNDB: JVNDB-2022-023208 // CNNVD: CNNVD-202212-3099 // NVD: CVE-2022-43724

REFERENCES

url: https://cert-portal.siemens.com/productcert/pdf/ssa-849072.pdf

Trust: 3.1

url: https://jvn.jp/vu/jvnvu91561630/

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2022-43724

Trust: 0.8

url: https://www.cisa.gov/news-events/ics-advisories/icsa-22-349-19

Trust: 0.8

url: https://cxsecurity.com/cveshow/cve-2022-43724/

Trust: 0.6

sources: CNVD: CNVD-2022-89759 // VULHUB: VHN-440861 // JVNDB: JVNDB-2022-023208 // CNNVD: CNNVD-202212-3099 // NVD: CVE-2022-43724

SOURCES

db: CNVD, id: CNVD-2022-89759
db: VULHUB, id: VHN-440861
db: JVNDB, id: JVNDB-2022-023208
db: CNNVD, id: CNNVD-202212-3099
db: NVD, id: CVE-2022-43724

LAST UPDATE DATE

2024-08-14T12:26:10.606000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2022-89759, date: 2022-12-26T00:00:00
db: VULHUB, id: VHN-440861, date: 2022-12-15T00:00:00
db: JVNDB, id: JVNDB-2022-023208, date: 2023-11-28T03:03:00
db: CNNVD, id: CNNVD-202212-3099, date: 2022-12-16T00:00:00
db: NVD, id: CVE-2022-43724, date: 2023-10-17T19:01:36.840

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2022-89759, date: 2022-12-26T00:00:00
db: VULHUB, id: VHN-440861, date: 2022-12-13T00:00:00
db: JVNDB, id: JVNDB-2022-023208, date: 2023-11-28T00:00:00
db: CNNVD, id: CNNVD-202212-3099, date: 2022-12-13T00:00:00
db: NVD, id: CVE-2022-43724, date: 2022-12-13T16:15:24.327