
CVE-2022-43724: CWE-319: Cleartext Transmission of Sensitive Information in Siemens SICAM PAS/PQS

Critical
Published: Tue Dec 13 2022 (12/13/2022, 00:00:00 UTC)
Source: CVE
Vendor/Project: Siemens
Product: SICAM PAS/PQS

Description

A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0). Affected software transmits the database credentials for the inbuilt SQL server in cleartext. In combination with the by default enabled xp_cmdshell feature unauthenticated remote attackers could execute custom OS commands. At the time of assigning the CVE, the affected firmware version of the component has already been superseded by succeeding mainline versions.

AI-Powered Analysis

Last updated: 06/21/2025, 14:53:29 UTC

Technical Analysis

CVE-2022-43724 is a critical vulnerability affecting Siemens SICAM PAS/PQS software versions prior to 7.0. The core issue stems from the transmission of database credentials for the embedded SQL server in cleartext over the network. This insecure transmission allows an attacker with network access to intercept sensitive authentication information. Compounding the risk, the affected software has the xp_cmdshell feature enabled by default. This feature permits execution of arbitrary operating system commands via SQL Server, which, when combined with the leaked credentials, enables unauthenticated remote attackers to execute custom OS commands on the affected system. The vulnerability does not require any prior authentication or user interaction, making exploitation straightforward for attackers with network access to the device. The impact spans confidentiality, integrity, and availability, as attackers can gain full control over the system, potentially leading to data theft, system manipulation, or disruption of critical infrastructure operations. Siemens has released versions 7.0 and later which address this issue, but all earlier versions remain vulnerable. No known exploits have been reported in the wild at the time of this analysis, but the high CVSS score of 9.8 reflects the severe risk posed by this vulnerability.

Potential Impact

For European organizations, particularly those in critical infrastructure sectors such as energy, utilities, and industrial automation, this vulnerability poses a significant threat. SICAM PAS/PQS is widely used in power automation systems for process automation and control. Exploitation could lead to unauthorized control over critical systems, resulting in operational disruption, data breaches, or sabotage. The ability to execute arbitrary OS commands remotely without authentication could allow attackers to deploy malware, disrupt services, or pivot within networks to compromise additional assets. Given the strategic importance of energy and industrial control systems in Europe, successful exploitation could have cascading effects on national infrastructure, economic stability, and public safety. Organizations relying on affected versions of SICAM PAS/PQS must consider this vulnerability a high-priority risk.

Mitigation Recommendations

1. Immediate upgrade to Siemens SICAM PAS/PQS version 7.0 or later, where this vulnerability is addressed, is the most effective mitigation.
2. If upgrading is not immediately feasible, network segmentation should be enforced to restrict access to SICAM PAS/PQS systems, limiting exposure to trusted management networks only.
3. Disable the xp_cmdshell feature in the embedded SQL server if possible, as this reduces the attack surface by preventing OS command execution via SQL queries.
4. Implement network-level encryption such as VPNs or IPsec tunnels to protect sensitive data in transit, mitigating risks from cleartext credential transmission.
5. Monitor network traffic for unusual SQL server activity or unexpected command executions, employing intrusion detection systems tuned for industrial protocols.
6. Conduct regular audits of system configurations and access logs to detect potential exploitation attempts early.
7. Coordinate with Siemens support and cybersecurity teams for any available patches, workarounds, or additional guidance specific to the deployment environment.
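
An added example, not part of the advisory or of Siemens guidance, supporting items 3 and 6: xp_cmdshell is toggled through sp_configure, and SQL Server records each such change in its ERRORLOG, so a disabled setting can be audited for being switched back on. The function names and the sample log lines are constructed for this illustration, and it assumes the log has already been read as text.

```python
import re
from datetime import datetime

# SQL Server writes this message to ERRORLOG whenever sp_configure
# changes a server option.
CONFIG_CHANGE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\.\d+\s+(?P<spid>spid\d+s?)\s+"
    r"Configuration option '(?P<option>[^']+)' changed from (?P<old>\d+) to (?P<new>\d+)\."
)

# xp_cmdshell is an advanced option, so changes to it are normally
# preceded by a change to 'show advanced options'.
WATCHED = {"xp_cmdshell", "show advanced options"}


def find_config_changes(lines):
    """Return one record per change to a watched option, in log order."""
    events = []
    for line in lines:
        m = CONFIG_CHANGE.match(line.strip())
        if not m or m["option"].lower() not in WATCHED:
            continue
        events.append({
            "time": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
            "spid": m["spid"],
            "option": m["option"].lower(),
            "old": int(m["old"]),
            "new": int(m["new"]),
        })
    return events


def xp_cmdshell_enablements(lines):
    """Return only the events where xp_cmdshell went from off to on."""
    return [e for e in find_config_changes(lines)
            if e["option"] == "xp_cmdshell" and e["old"] == 0 and e["new"] == 1]


# Constructed sample: an administrator disables xp_cmdshell, and a later
# session turns it back on.
SAMPLE_LOG = """\
2022-12-13 09:58:01.12 spid51      Configuration option 'show advanced options' changed from 0 to 1. Run the RECONFIGURE statement to install.
2022-12-13 09:58:01.30 spid51      Configuration option 'xp_cmdshell' changed from 1 to 0. Run the RECONFIGURE statement to install.
2022-12-13 09:58:01.44 spid51      Configuration option 'show advanced options' changed from 1 to 0. Run the RECONFIGURE statement to install.
2022-12-14 02:13:47.80 Logon       Login succeeded for user 'app_login'. Connection made using SQL Server authentication. [CLIENT: 10.0.0.23]
2022-12-14 02:13:48.05 spid63      Configuration option 'show advanced options' changed from 0 to 1. Run the RECONFIGURE statement to install.
2022-12-14 02:13:48.11 spid63      Configuration option 'xp_cmdshell' changed from 0 to 1. Run the RECONFIGURE statement to install.
""".splitlines()

if __name__ == "__main__":
    for e in xp_cmdshell_enablements(SAMPLE_LOG):
        print(f"ALERT {e['time'].isoformat()} {e['spid']}: xp_cmdshell enabled")
```

Any hit on a system where xp_cmdshell was deliberately disabled is worth correlating with the logins recorded around the same timestamp.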


Technical Details

Data Version: 5.1
Assigner Short Name: siemens
Date Reserved: 2022-10-24T00:00:00.000Z
CISA Enriched: true

Threat ID: 682d984ac4522896dcbf7193

Added to database: 5/21/2025, 9:09:30 AM

Last enriched: 6/21/2025, 2:53:29 PM

Last updated: 8/15/2025, 2:45:55 AM
