var-202212-1159
Vulnerability from variot
A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0). Affected software does not properly secure a folder containing library files. This could allow an attacker to place a custom malicious DLL in this folder which is then run with SYSTEM rights when a service is started that requires this DLL. At the time of assigning the CVE, the affected firmware version of the component has already been superseded by succeeding mainline versions. Siemens' sicam pas/pqs Exists in a vulnerability in an element of an uncontrolled search path.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siemens SICAM PAS/PQS is a software of Siemens with an operating system for energy automation and power quality.
There is a security hole in Siemens SICAM PAS/PQS versions before V7.0, which stems from the failure to properly protect the containing folder
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202212-1159",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sicam pas\\/pqs",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "7.0"
},
{
"model": "sicam pas/pqs",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "sicam pas/pqs",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "sicam pas/pqs",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": "7.0"
},
{
"model": "sicam pas/pqs",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v7.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-89761"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-023210"
},
{
"db": "NVD",
"id": "CVE-2022-43722"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:sicam_pas\\/pqs:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-43722"
}
]
},
"cve": "CVE-2022-43722",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2022-89761",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-43722",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-43722",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2022-89761",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202212-3100",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-89761"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-023210"
},
{
"db": "NVD",
"id": "CVE-2022-43722"
},
{
"db": "CNNVD",
"id": "CNNVD-202212-3100"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in SICAM PAS/PQS (All versions \u003c V7.0). Affected software does not properly secure a folder containing library files. This could allow an attacker to place a custom malicious DLL in this folder which is then run with SYSTEM rights when a service is started that requires this DLL. At the time of assigning the CVE, the affected firmware version of the component has already been superseded by succeeding mainline versions. Siemens\u0027 sicam pas/pqs Exists in a vulnerability in an element of an uncontrolled search path.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siemens SICAM PAS/PQS is a software of Siemens with an operating system for energy automation and power quality. \n\r\n\r\nThere is a security hole in Siemens SICAM PAS/PQS versions before V7.0, which stems from the failure to properly protect the containing folder",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-43722"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-023210"
},
{
"db": "CNVD",
"id": "CNVD-2022-89761"
},
{
"db": "VULHUB",
"id": "VHN-440859"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-43722",
"trust": 3.9
},
{
"db": "SIEMENS",
"id": "SSA-849072",
"trust": 3.1
},
{
"db": "ICS CERT",
"id": "ICSA-22-349-19",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU91561630",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2022-023210",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-89761",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202212-3100",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-440859",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-89761"
},
{
"db": "VULHUB",
"id": "VHN-440859"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-023210"
},
{
"db": "NVD",
"id": "CVE-2022-43722"
},
{
"db": "CNNVD",
"id": "CNNVD-202212-3100"
}
]
},
"id": "VAR-202212-1159",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-89761"
},
{
"db": "VULHUB",
"id": "VHN-440859"
}
],
"trust": 1.2969863
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-89761"
}
]
},
"last_update_date": "2023-12-18T11:36:29.576000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Siemens SICAM PAS/PQS Uncontrolled Search Path Element Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/380781"
},
{
"title": "Siemens SICAM PAS/PQS Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=217839"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-89761"
},
{
"db": "CNNVD",
"id": "CNNVD-202212-3100"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-427",
"trust": 1.1
},
{
"problemtype": "Uncontrolled search path elements (CWE-427) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-440859"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-023210"
},
{
"db": "NVD",
"id": "CVE-2022-43722"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-849072.pdf"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu91561630/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-43722"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-349-19"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-43722/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-89761"
},
{
"db": "VULHUB",
"id": "VHN-440859"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-023210"
},
{
"db": "NVD",
"id": "CVE-2022-43722"
},
{
"db": "CNNVD",
"id": "CNNVD-202212-3100"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-89761"
},
{
"db": "VULHUB",
"id": "VHN-440859"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-023210"
},
{
"db": "NVD",
"id": "CVE-2022-43722"
},
{
"db": "CNNVD",
"id": "CNNVD-202212-3100"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-89761"
},
{
"date": "2022-12-13T00:00:00",
"db": "VULHUB",
"id": "VHN-440859"
},
{
"date": "2023-11-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-023210"
},
{
"date": "2022-12-13T16:15:24.070000",
"db": "NVD",
"id": "CVE-2022-43722"
},
{
"date": "2022-12-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202212-3100"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-12-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-89761"
},
{
"date": "2022-12-15T00:00:00",
"db": "VULHUB",
"id": "VHN-440859"
},
{
"date": "2023-11-28T03:05:00",
"db": "JVNDB",
"id": "JVNDB-2022-023210"
},
{
"date": "2023-10-17T19:05:34.467000",
"db": "NVD",
"id": "CVE-2022-43722"
},
{
"date": "2022-12-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202212-3100"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202212-3100"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens\u0027 \u00a0sicam\u00a0pas/pqs\u00a0 Vulnerability regarding uncontrolled search path elements in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-023210"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202212-3100"
}
],
"trust": 0.6
}
}
Loading...