exploitDog

CVE-2023-45205

Опубликовано: 10 окт. 2023

Источник: nvd

CVSS3: 7.8

EPSS Низкий

Описание

A vulnerability has been identified in SICAM PAS/PQS (All versions >= V8.00 < V8.20). The affected application is installed with specific files and folders with insecure permissions. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges to NT AUTHORITY/SYSTEM.

Ссылки

https://cert-portal.siemens.com/productcert/html/ssa-035466.html
https://cert-portal.siemens.com/productcert/pdf/ssa-035466.pdf
Patch
Vendor Advisory
https://cert-portal.siemens.com/productcert/html/ssa-035466.html
https://cert-portal.siemens.com/productcert/pdf/ssa-035466.pdf
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:siemens:sicam_pas\/pqs:*:*:*:*:*:*:*:*

Версия от 8.00 (включая) до 8.20 (исключая)

EPSS

Процентиль: 19%

0.0006

Низкий

7.8 High

CVSS3

Дефекты

CWE-732

Связанные уязвимости

GHSA-f4jh-j7c5-g9fp

CVSS3: 7.8

github

больше 2 лет назад

A vulnerability has been identified in SICAM PAS/PQS (All versions >= V8.00 < V8.20). The affected application is installed with specific files and folders with insecure permissions. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges to `NT AUTHORITY/SYSTEM`.

EPSS

Процентиль: 19%

0.0006

Низкий

7.8 High

CVSS3

Дефекты

CWE-732