CVE-2016-5848

Published: Jul 4, 2016Modified: May 6, 2026

6.7

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.8 / Impact: 5.9

Source: NVD

Description

Siemens SICAM PAS before 8.07 does not properly restrict password data in the database, which makes it easier for local users to calculate passwords by leveraging unspecified database privileges.

Affected (1)

Products: Siemens: Sicam Pas/pqs

Siemens

1 product

Sicam Pas/pqs

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Siemens Sicam Pas/pqs	Up to 8.07

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CWE-255

References (6)

http://www.securityfocus.com/bid/91525

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-444217.pdf

Source: cve@mitre.org

Vendor Advisory

https://ics-cert.us-cert.gov/advisories/ICSA-16-182-02

Source: cve@mitre.org

Third Party AdvisoryUS Government Resource

http://www.securityfocus.com/bid/91525

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-444217.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://ics-cert.us-cert.gov/advisories/ICSA-16-182-02

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.