OpenCVE

Siemens SICAM PAS through 8.07 allows local users to obtain sensitive configuration information by leveraging database stoppage.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:M/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Siemens	Sicam Pas\/pqs

Configuration 1 [-]

cpe:2.3:a:siemens:sicam_pas\/pqs:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/91525
http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-444217.pdf
https://ics-cert.us-cert.gov/advisories/ICSA-16-182-02

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2016-07-04T16:00:00

Updated: 2024-08-06T01:15:09.040Z

Reserved: 2016-06-27T00:00:00

Link: CVE-2016-5849

Vulnrichment

No data.

NVD

Status : Modified

Published: 2016-07-04T16:59:02.973

Modified: 2024-11-21T02:55:07.993

Link: CVE-2016-5849

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-06-28T00:00:00", "descriptions": [{"lang": "en", "value": "Siemens SICAM PAS through 8.07 allows local users to obtain sensitive configuration information by leveraging database stoppage."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-11-25T22:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-182-02"}, {"name": "91525", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/91525"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-444217.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-5849", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Siemens SICAM PAS through 8.07 allows local users to obtain sensitive configuration information by leveraging database stoppage."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://ics-cert.us-cert.gov/advisories/ICSA-16-182-02", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-182-02"}, {"name": "91525", "refsource": "BID", "url": "http://www.securityfocus.com/bid/91525"}, {"name": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-444217.pdf", "refsource": "CONFIRM", "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-444217.pdf"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T01:15:09.040Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-182-02"}, {"name": "91525", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/91525"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-444217.pdf"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-5849", "datePublished": "2016-07-04T16:00:00", "dateReserved": "2016-06-27T00:00:00", "dateUpdated": "2024-08-06T01:15:09.040Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:siemens:sicam_pas\\/pqs:*:*:*:*:*:*:*:*", "matchCriteriaId": "528009F7-CD1B-44E6-8C83-994B047DBB1D", "versionEndIncluding": "8.07", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Siemens SICAM PAS through 8.07 allows local users to obtain sensitive configuration information by leveraging database stoppage."}, {"lang": "es", "value": "Siemens SICAM PAS hasta la versi\u00f3n 8.07 permite a usuarios locales obtener informaci\u00f3n sensible de configuraci\u00f3n aprovechando la paralizaci\u00f3n de la base de datos."}], "id": "CVE-2016-5849", "lastModified": "2024-11-21T02:55:07.993", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 2.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-07-04T16:59:02.973", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/91525"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-444217.pdf"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-182-02"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/91525"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-444217.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.us-cert.gov/advisories/ICSA-16-182-02"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}