cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-45205,https://securityvulnerability.io/vulnerability/CVE-2023-45205,Insecure Permissions in SICAM PAS/PQS by Siemens,"A significant vulnerability has been identified in SICAM PAS/PQS software, affecting all versions from V8.00 to just below V8.20. The issue arises from insecure file and folder permissions within the application, which may allow an authenticated local attacker to inject arbitrary code. This exploitation could lead to an elevated privilege scenario, potentially granting the attacker access to the `NT AUTHORITY/SYSTEM` level, thereby compromising the security integrity of the affected system. It is crucial for users of these versions to evaluate their configurations and apply appropriate mitigations to safeguard against potential exploitation.",Siemens,Sicam Pas/pqs,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,false,false,2023-10-10T11:15:00.000Z,0
CVE-2023-38640,https://securityvulnerability.io/vulnerability/CVE-2023-38640,Insecure Permissions in SICAM PAS/PQS by Siemens,"A vulnerability has been discovered in SICAM PAS/PQS, where specific files and folders are configured with insecure permissions. This allows an authenticated local attacker the potential to read and alter configuration data within the application process. Proper permission settings and rigorous audits of file access are essential to mitigate this risk and protect sensitive configuration data from unauthorized modifications.",Siemens,Sicam Pas/pqs,4.4,MEDIUM,0.0004199999966658652,false,,false,false,false,,false,false,2023-10-10T11:15:00.000Z,0
CVE-2023-38641,https://securityvulnerability.io/vulnerability/CVE-2023-38641,Elevated Privilege Vulnerability in SICAM TOOLBOX II by Siemens,"A security vulnerability has been identified in SICAM TOOLBOX II, where the application’s database service runs with elevated system privileges. This flaw could enable a local attacker to execute arbitrary operating system commands with the same privileges as the system user, potentially compromising the integrity and security of the affected system. It is crucial for users of versions prior to V07.10 to take immediate action to mitigate the risks associated with this vulnerability.",Siemens,SICAM TOOLBOX II,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,false,false,2023-08-08T10:15:00.000Z,0
CVE-2022-39062,https://securityvulnerability.io/vulnerability/CVE-2022-39062,Privilege Escalation Vulnerability in SICAM TOOLBOX II by Siemens,"A security flaw exists in SICAM TOOLBOX II prior to version 07.10, where improper permission settings for product folders allow authenticated users with minimal privileges to replace DLL files. This enables potential privilege escalation, posing significant security risks to the affected systems.",Siemens,Sicam Toolbox Ii,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,2023-08-08T09:20:11.510Z,0
CVE-2023-31238,https://securityvulnerability.io/vulnerability/CVE-2023-31238,Session Token Vulnerability in Siemens POWER METER SICAM Q200 Family Devices,"A session token vulnerability exists in the Siemens POWER METER SICAM Q200 family of devices. This issue arises due to the absence of cookie protection flags in the default settings. An attacker who successfully gains access to a session token can impersonate legitimate users of the application, potentially compromising security and user data. Users are advised to upgrade to the latest version (V2.70 or higher) to mitigate this vulnerability effectively.",Siemens,POWER METER SICAM Q100,4.8,MEDIUM,0.000859999970998615,false,,false,false,false,,false,false,2023-06-13T09:15:00.000Z,0
CVE-2023-30901,https://securityvulnerability.io/vulnerability/CVE-2023-30901,Web Interface Vulnerability in POWER METER SICAM Q200 by Siemens,"A vulnerability exists in the web interface of the POWER METER SICAM Q200 family that exposes it to Cross-Site Request Forgery (CSRF) attacks. An attacker can exploit this weakness by deceiving an authenticated user into clicking a malicious link, which allows the attacker to execute unauthorized commands on the targeted device while appearing to act on behalf of the user. It is crucial for users to apply the necessary updates to version V2.70 or later to mitigate this risk and safeguard their systems.",Siemens,POWER METER SICAM Q100,8.8,HIGH,0.0013200000394135714,false,,false,false,false,,false,false,2023-06-13T09:15:00.000Z,0
CVE-2022-43723,https://securityvulnerability.io/vulnerability/CVE-2022-43723,Denial of Service Vulnerability in SICAM PAS/PQS by Siemens,"A vulnerability has been discovered in the SICAM PAS/PQS software that compromises the validation of input parameters in the s7ontcp.dll component. This flaw enables unauthenticated remote attackers to exploit the system by sending crafted messages, potentially leading to a denial of service condition where the application crashes. Users are advised to update to the latest firmware versions to mitigate this risk, as the affected versions have been rendered obsolete by subsequent releases.",Siemens,Sicam Pas/pqs,7.5,HIGH,0.001550000044517219,false,,false,false,false,,false,false,2022-12-13T00:00:00.000Z,0
CVE-2022-43722,https://securityvulnerability.io/vulnerability/CVE-2022-43722,Library File Security Flaw in SICAM PAS/PQS by Siemens,"A vulnerability exists in the SICAM PAS/PQS systems due to insufficient security measures on a folder containing critical library files. This flaw enables attackers to inject malicious DLL files into the folder, which can be executed with SYSTEM rights when a service requiring the DLL is initiated. Consequently, there is a significant risk of unauthorized actions being performed on the system, potentially leading to severe consequences. Users are urged to update to the latest firmware version to mitigate this risk.",Siemens,Sicam Pas/pqs,7.8,HIGH,0.0005300000193528831,false,,false,false,false,,false,false,2022-12-13T00:00:00.000Z,0
CVE-2022-43724,https://securityvulnerability.io/vulnerability/CVE-2022-43724,SQL Server Credential Exposure in Siemens SICAM PAS/PQS Products,"A vulnerability exists in Siemens SICAM PAS/PQS where database credentials for the integrated SQL server are transmitted in cleartext. This issue, combined with the default enabled xp_cmdshell functionality, allows unauthenticated remote attackers to execute arbitrary operating system commands, posing a significant risk to system integrity and data security. It is essential for users operating on affected versions to upgrade to versions V7.0 or later to mitigate this risk.",Siemens,Sicam Pas/pqs,9.8,CRITICAL,0.0042500002309679985,false,,false,false,false,,false,false,2022-12-13T00:00:00.000Z,0
CVE-2022-43398,https://securityvulnerability.io/vulnerability/CVE-2022-43398,Session Cookie Vulnerability in POWER METER SICAM Q200 by Siemens,"A vulnerability has been identified in the POWER METER SICAM Q200 family, where the devices fail to renew session cookies after user login/logout events and allow the acceptance of user-defined session cookies. This flaw enables an attacker to overwrite a legitimate user's session cookie, granting unauthorized access to the victim's account once they have logged in. The security implication of this vulnerability reflects a significant risk, as it could permit attackers to manipulate user sessions and potentially compromise sensitive information.",Siemens,Power Meter Sicam Q100,7.5,HIGH,0.002219999907538295,false,,false,false,false,,false,false,2022-11-08T00:00:00.000Z,0
CVE-2022-43545,https://securityvulnerability.io/vulnerability/CVE-2022-43545,Remote Code Execution Vulnerability in POWER METER Products by Siemens,"A vulnerability exists in the POWER METER SICAM Q200 family and SICAM P850/P855 products, where affected devices fail to properly validate the RecordType parameter in requests sent to its web interface via port 443/tcp. This flaw may allow an authenticated remote attacker to crash the device, causing it to reboot, or even execute arbitrary code. Users are urged to upgrade to the latest versions to mitigate potential risks.",Siemens,"Power Meter Sicam Q100,Sicam P850,Sicam P855",9.9,CRITICAL,0.004749999847263098,false,,false,false,false,,false,false,2022-11-08T00:00:00.000Z,0
CVE-2022-43546,https://securityvulnerability.io/vulnerability/CVE-2022-43546,Remote Code Execution Vulnerability in POWER METER SICAM Q200 and P850 Series,"A vulnerability exists in the web interface of POWER METER SICAM Q200 and P850 series devices, stemming from improper validation of the EndTime parameter in requests sent to port 443/tcp. This oversight can be exploited by an authenticated remote attacker, leading to potential device crashes followed by automatic reboots or enabling unauthorized arbitrary code execution.",Siemens,"Power Meter Sicam Q100,Sicam P850,Sicam P855",9.9,CRITICAL,0.004749999847263098,false,,false,false,false,,false,false,2022-11-08T00:00:00.000Z,0
CVE-2022-43439,https://securityvulnerability.io/vulnerability/CVE-2022-43439,Vulnerability in POWER METER SICAM Q200 Family and SICAM P850/P855 Products by Siemens,"A vulnerability exists in the POWER METER SICAM Q200 family and the SICAM P850/P855, affecting versions below specified thresholds. The devices fail to properly validate the Language-parameter in requests made to the web interface over port 443. This oversight allows an authenticated remote attacker to disrupt the device's functioning by causing it to crash, which is followed by an automatic reboot. Additionally, it opens the possibility for arbitrary code execution, posing significant security risks to systems utilizing these meters.",Siemens,"Power Meter Sicam Q100,Sicam P850,Sicam P855",9.9,CRITICAL,0.004749999847263098,false,,false,false,false,,false,false,2022-11-08T00:00:00.000Z,0
CVE-2022-41665,https://securityvulnerability.io/vulnerability/CVE-2022-41665,SICAM P850 and P855 Vulnerability in Siemens Products,"A vulnerability exists in the Siemens SICAM P850 and P855 devices due to improper validation of parameters in a specific GET request. This flaw could enable an unauthenticated attacker to manipulate the device, potentially leading to a denial of service, or worse, allowing execution of arbitrary code on the device. Users are advised to update to the latest versions to mitigate these risks.",Siemens,"Sicam P850,Sicam P855",9.8,CRITICAL,0.0009299999801442027,false,,false,false,false,,false,false,2022-10-11T00:00:00.000Z,0
CVE-2022-40226,https://securityvulnerability.io/vulnerability/CVE-2022-40226,Session Cookie Vulnerability in SICAM P850 and P855 Products by Siemens,"A vulnerability has been identified in the SICAM P850 and P855 products from Siemens, where affected devices accept user-defined session cookies without renewing them after login or logout. This design flaw allows potential attackers to hijack user sessions, leading to unauthorized access to sensitive information or functionalities within these systems. It is imperative for users of these products to take immediate steps to update to the latest versions to mitigate the risk of session hijacking.",Siemens,"Sicam P850,Sicam P855",7.5,HIGH,0.0005699999746866524,false,,false,false,false,,false,false,2022-10-11T00:00:00.000Z,0
CVE-2022-34464,https://securityvulnerability.io/vulnerability/CVE-2022-34464,Improperly Protected File Vulnerability in SICAM GridEdge Essential by Siemens,"A vulnerability exists within SICAM GridEdge Essential products, where an improperly secured file allows the importation of SSH keys. This flaw enables attackers with filesystem access to the host system to inject malicious SSH keys, potentially compromising secure connections and allowing unauthorized remote access. Users of all versions of SICAM GridEdge Essential for ARM and GDS, as well as Intel versions prior to V2.7.3, should take immediate action to mitigate the risk associated with this vulnerability.",Siemens,"Sicam Gridedge Essential Arm,Sicam Gridedge Essential Intel,Sicam Gridedge Essential With Gds Arm,Sicam Gridedge Essential With Gds Intel",5.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,false,false,2022-07-12T10:07:19.000Z,0
CVE-2022-30231,https://securityvulnerability.io/vulnerability/CVE-2022-30231,Password Disclosure Vulnerability in SICAM GridEdge Essential Solutions by Siemens,"A vulnerability exists in various versions of the SICAM GridEdge Essential software solutions that allows authenticated users to request and retrieve password hashes of other users. This security flaw can lead to unauthorized access if exploited, as it enables a user to obtain sensitive password information from the system.",Siemens,"Sicam Gridedge Essential Arm,Sicam Gridedge Essential Intel,Sicam Gridedge Essential With Gds Arm,Sicam Gridedge Essential With Gds Intel",4.3,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2022-06-14T09:21:53.000Z,0
CVE-2022-30230,https://securityvulnerability.io/vulnerability/CVE-2022-30230,Unrestricted User Creation Vulnerability in SICAM GridEdge by Siemens,"A security flaw has been discovered in SICAM GridEdge that enables attackers without authentication to create new users with administrative privileges. This vulnerability affects various versions of the product, specifically all versions prior to V2.6.6 across different configurations, including ARM and Intel variants. The presence of this issue poses a significant risk as it violates access control by not requiring proper authentication for sensitive functions.",Siemens,"Sicam Gridedge Essential Arm,Sicam Gridedge Essential Intel,Sicam Gridedge Essential With Gds Arm,Sicam Gridedge Essential With Gds Intel",9.8,CRITICAL,0.0020200000144541264,false,,false,false,false,,false,false,2022-06-14T09:21:51.000Z,0
CVE-2022-30229,https://securityvulnerability.io/vulnerability/CVE-2022-30229,Unauthorized Data Modification in SICAM GridEdge Essential by Siemens,"A serious security flaw exists in SICAM GridEdge Essential software that permits unauthorized users to perform privileged actions without authentication. This vulnerability allows attackers to alter user data, including sensitive credentials, provided they know the user ID. Affected versions include all versions prior to V2.6.6 for various configurations of the product. This weakness can significantly compromise the integrity and confidentiality of the affected systems, making it crucial for users to update to the latest version to mitigate potential risks.",Siemens,"Sicam Gridedge Essential Arm,Sicam Gridedge Essential Intel,Sicam Gridedge Essential With Gds Arm,Sicam Gridedge Essential With Gds Intel",5.3,MEDIUM,0.0007699999841861427,false,,false,false,false,,false,false,2022-06-14T09:21:50.000Z,0
CVE-2022-30228,https://securityvulnerability.io/vulnerability/CVE-2022-30228,Cross-Origin Resource Sharing Flaw in SICAM GridEdge Essential by Siemens,"A significant vulnerability has been identified in various versions of SICAM GridEdge Essential software, including both ARM and Intel builds as well as configurations with GDS. The flaw arises from the failure to enforce cross-origin resource sharing (CORS) restrictions during critical operations. This oversight allows attackers to potentially exploit the system if they can trick a legitimate user into accessing malicious resources. Such an attack could lead to improper handling of sensitive data and unauthorized actions within the affected systems.",Siemens,"Sicam Gridedge Essential Arm,Sicam Gridedge Essential Intel,Sicam Gridedge Essential With Gds Arm,Sicam Gridedge Essential With Gds Intel",6.5,MEDIUM,0.0007300000288523734,false,,false,false,false,,false,false,2022-06-14T09:21:48.000Z,0
CVE-2022-29873,https://securityvulnerability.io/vulnerability/CVE-2022-29873,SICAM P850 and P855 Remote Code Execution Vulnerability,"A vulnerability in the SICAM P850 and P855 devices allows unauthenticated attackers to manipulate the parameters of specific GET and POST requests. This oversight can lead to a denial of service condition or, more critically, unauthorized execution of arbitrary code on the affected devices. Users and administrators need to ensure that they are using versions V3.00 and above to mitigate these risks.",Siemens,"Sicam P850,Sicam P855",9.8,CRITICAL,0.0022299999836832285,false,,false,false,false,,false,false,2022-05-20T13:15:00.000Z,0
CVE-2022-29872,https://securityvulnerability.io/vulnerability/CVE-2022-29872,Parameter Validation Flaw in SICAM P850 and SICAM P855 Devices by Siemens,"A vulnerability has been identified within Siemens SICAM P850 and SICAM P855 devices, where improper validation of POST request parameters may be exploited. An authenticated attacker could potentially set the device into a denial of service state, or manipulate the program counter to execute arbitrary code on the device. This flaw emphasizes the importance of robust parameter validation to safeguard against malicious manipulations.",Siemens,"Sicam P850,Sicam P855",8.8,HIGH,0.0011899999808520079,false,,false,false,false,,false,false,2022-05-20T13:15:00.000Z,0
CVE-2022-29876,https://securityvulnerability.io/vulnerability/CVE-2022-29876,Reflected XSS Vulnerability in SICAM P850 and P855 by Siemens,"A vulnerability has been detected in the SICAM P850 and P855 products by Siemens, where the devices inadequately validate the input of a GET request parameter. This flaw allows attackers to manipulate parameters, which could lead to reflected XSS attacks. Consequently, malicious actors might exploit this vulnerability to execute unauthorized scripts in the context of a user's session, potentially compromising sensitive information.",Siemens,"Sicam P850,Sicam P855",6.1,MEDIUM,0.0007800000021234155,false,,false,false,false,,false,false,2022-05-20T13:15:00.000Z,0
CVE-2022-29883,https://securityvulnerability.io/vulnerability/CVE-2022-29883,Access Control Vulnerability in SICAM P850 and P855 Products by Siemens,"A significant access control vulnerability has been discovered in the Siemens SICAM P850 and P855 products, which affects all versions prior to V3.00. This flaw allows unauthorized users to access certain unprotected pages of the web interface, enabling them to delete critical log files without any authentication. The lack of proper access restrictions poses a serious risk to the integrity and security of logging data, potentially allowing threat actors to erase traces of malicious activities. Organizations utilizing these devices are advised to implement necessary safeguards and upgrade to the latest versions to mitigate these risks.",Siemens,"Sicam P850,Sicam P855",5.3,MEDIUM,0.0008200000156648457,false,,false,false,false,,false,false,2022-05-20T13:15:00.000Z,0
CVE-2022-29877,https://securityvulnerability.io/vulnerability/CVE-2022-29877,Unauthenticated Access Vulnerability in SICAM P850 and P855 Products from Siemens,"An unauthenticated access vulnerability exists in SICAM P850 and SICAM P855 products, all versions below V3.00. This security flaw could permit attackers to gain access to the web interface configuration without authentication. Once inside, attackers may extract internal configuration details or modify network settings. It's important to note that although configurations can be altered, these changes will only take effect with the authentication of a user who has administrative privileges.",Siemens,"Sicam P850,Sicam P855",6.5,MEDIUM,0.0008399999933317304,false,,false,false,false,,false,false,2022-05-20T13:15:00.000Z,0