PT-2023-6262 · Siemens · Sicam Pas/Pqs
Published
2023-10-10
·
Updated
2024-06-11
·
CVE-2023-38640
CVSS v3.1
6.6
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H |
Name of the Vulnerable Software and Affected Versions
SICAM PAS/PQS versions V8.00 through V8.21
Description
The issue is related to incorrect permission assignment for a critical resource in the SICAM PAS/PQS software, which can be exploited by an authenticated local attacker to read and modify configuration data in the context of the application process.
Recommendations
For SICAM PAS/PQS versions V8.00 through V8.21, update to version V8.22 or later to resolve the issue.
As a temporary workaround, consider restricting access to the specific files and folders installed with insecure permissions to minimize the risk of exploitation.
Fix
Incorrect Permission
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sicam Pas/Pqs