PT-2022-27018 · Unknown · Sicam Pas/Pqs

Published 2022-12-13 · Updated 2023-10-17 · CVE-2022-43724

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SICAM PAS/PQS versions prior to V7.0

Description

A security issue has been identified where the affected software transmits database credentials for the inbuilt SQL server in cleartext. This, combined with the xp_cmdshell feature being enabled by default, allows unauthenticated remote attackers to execute custom OS commands.

Recommendations

For versions prior to V7.0, update to version V7.0 or later to resolve the issue. As a temporary workaround, consider disabling the xp_cmdshell feature to minimize the risk of exploitation. Restrict access to the SQL server to prevent unauthenticated remote attacks.
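
The xp_cmdshell workaround above, as an added T-SQL example (not part of the original advisory or the vendor's documentation): it reports whether xp_cmdshell is enabled, lists who can run it or turn it back on, then disables it and verifies the result. It assumes a sysadmin session on the SQL Server instance used by the product, run from sqlcmd or SSMS (both interpret `GO`).

```sql
USE master;
GO

-- 1. Current state: value_in_use = 1 means xp_cmdshell is enabled.
SELECT name, value, value_in_use
FROM sys.configurations
WHERE name = N'xp_cmdshell';

-- 2. Principals with an explicit EXECUTE grant on xp_cmdshell.
SELECT pr.name AS principal_name, pr.type_desc,
       pe.state_desc, pe.permission_name
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pe.major_id = OBJECT_ID(N'sys.xp_cmdshell')
  AND pe.permission_name = N'EXECUTE';

-- 3. Members of sysadmin and serveradmin. These roles hold ALTER SETTINGS,
--    so any of these logins can re-enable xp_cmdshell after step 4.
--    Review this list against the account whose credentials are exposed.
SELECT r.name AS server_role, m.name AS member_login, m.is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name IN (N'sysadmin', N'serveradmin');
GO

-- 4. Disable xp_cmdshell. It is an advanced option, so expose advanced
--    options first and hide them again afterwards.
EXEC sp_configure N'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure N'xp_cmdshell', 0;
RECONFIGURE;
EXEC sp_configure N'show advanced options', 0;
RECONFIGURE;
GO

-- 5. Verify: both value and value_in_use should now be 0.
SELECT name, value, value_in_use
FROM sys.configurations
WHERE name = N'xp_cmdshell';
GO
```

If step 3 lists the login whose credentials the software sends in cleartext, disabling xp_cmdshell alone does not remove the risk, which is why the recommendation also calls for restricting network access to the SQL server and updating to V7.0 or later.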

Fix

Weakness Enumeration

Cleartext Transmission of Sensitive Information

Related Identifiers

CVE-2022-43724

Affected Products

Sicam Pas/Pqs