Vulnerability Description
A vulnerability has been identified in SICAM PQ Analyzer (All versions < V3.18). A service is started by an unquoted registry entry. As there are spaces in this path, attackers with write privilege to those directories might be able to plant executables that will run in place of the legitimate process. Attackers might achieve persistence on the system ("backdoors") or cause a denial of service.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Sicam Pq Analyzer Firmware | < 3.18 |
| Siemens | Sicam Pq Analyzer | - |
Related Weaknesses (CWE)
References
- https://cert-portal.siemens.com/productcert/pdf/ssa-173318.pdfPatchVendor Advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-173318.pdfPatchVendor Advisory
FAQ
What is CVE-2021-45460?
CVE-2021-45460 is a vulnerability with a CVSS score of 8.1 (HIGH). A vulnerability has been identified in SICAM PQ Analyzer (All versions < V3.18). A service is started by an unquoted registry entry. As there are spaces in this path, attackers with write privilege to...
How severe is CVE-2021-45460?
CVE-2021-45460 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-45460?
Check the references section above for vendor advisories and patch information. Affected products include: Siemens Sicam Pq Analyzer Firmware, Siemens Sicam Pq Analyzer.