Vulnerability Description
Siemens SICAM PAS before 8.07 does not properly restrict password data in the database, which makes it easier for local users to calculate passwords by leveraging unspecified database privileges.
CVSS Score
6.7
MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Sicam Pas\/Pqs | <= 8.07 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/91525Third Party AdvisoryVDB Entry
- http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-444217.pdfVendor Advisory
- https://ics-cert.us-cert.gov/advisories/ICSA-16-182-02Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/91525Third Party AdvisoryVDB Entry
- http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-444217.pdfVendor Advisory
- https://ics-cert.us-cert.gov/advisories/ICSA-16-182-02Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2016-5848?
CVE-2016-5848 is a vulnerability with a CVSS score of 6.7 (MEDIUM). Siemens SICAM PAS before 8.07 does not properly restrict password data in the database, which makes it easier for local users to calculate passwords by leveraging unspecified database privileges.
How severe is CVE-2016-5848?
CVE-2016-5848 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-5848?
Check the references section above for vendor advisories and patch information. Affected products include: Siemens Sicam Pas\/Pqs.