CVE-2016-5848

Siemens SICAM PAS before 8.07 does not properly restrict password data in the database, which makes it easier for local users to calculate passwords by leveraging unspecified database privileges.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 34%
VendorProductVersion
siemenssicam_pas\/pqs
𝑥
≤ 8.07
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/91525
http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-444217.pdf
https://ics-cert.us-cert.gov/advisories/ICSA-16-182-02
http://www.securityfocus.com/bid/91525
http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-444217.pdf
https://ics-cert.us-cert.gov/advisories/ICSA-16-182-02