Published: 04/07/2016 Updated: 17/10/2023

CVSS v2 Base Score: 1.7 | Impact Score: 2.9 | Exploitability Score: 3.1

CVSS v3 Base Score: 6.7 | Impact Score: 5.9 | Exploitability Score: 0.8

VMScore: 151

Vector: AV:L/AC:L/Au:S/C:P/I:N/A:N

Siemens SICAM PAS prior to 8.07 does not properly restrict password data in the database, which makes it easier for local users to calculate passwords by leveraging unspecified database privileges.

Vulnerable Product	Search on Vulmon	Subscribe to Product
siemens sicam pas\\/pqs

Vuln drains energy sector control kit

The Register • Team Register • 05 Jul 2016

One patched, one to go

The US industrial control system computer emergency response team (ICS-CERT) has warned of twin flaws in substation control software. The SICAM Power Automation System contains poorly protected credentials (CVE-2016-5848) and information exposure (CVE-2016-5849) found by Russian researchers Ilya Karpov and Dmitry Sklyarov of Positive Technologies. The CERT warns lowly hackers could exploit the holes but only with pre-existing local access, greatly limiting the exposure. "An authenticated local u...

CVE-2016-5848

Vulnerability Summary

Recent Articles

References

Vulmon Search

About

Products

Connect