CVE-2022-43724: CWE-319: Cleartext Transmission of Sensitive Information in Siemens SICAM PAS/PQS
A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0). Affected software transmits the database credentials for the inbuilt SQL server in cleartext. In combination with the by default enabled xp_cmdshell feature unauthenticated remote attackers could execute custom OS commands. At the time of assigning the CVE, the affected firmware version of the component has already been superseded by succeeding mainline versions.
AI Analysis
Technical Summary
CVE-2022-43724 is a critical vulnerability in Siemens SICAM PAS/PQS, affecting all versions prior to V7.0. The software transmits the credentials for its inbuilt SQL server in cleartext over the network, so an attacker positioned to observe traffic between a SICAM client and the database (on the same segment, or on-path between the two) recovers a valid database login without breaking any cryptography.

The risk is compounded by the xp_cmdshell feature being enabled by default on that SQL server. xp_cmdshell lets a database principal run arbitrary operating system commands through SQL Server, so a captured database credential is not merely a data-access problem: it becomes remote OS command execution on the SICAM host, and for a sysadmin-level login the commands run with the privileges of the SQL Server service account. Because no SICAM user account and no user interaction are required, and the database credential itself is handed to the attacker by the protocol, the CVE is rated as exploitable by unauthenticated remote attackers.

The impact spans confidentiality, integrity and availability: full control of the host, data theft, manipulation of automation data, or disruption of critical infrastructure operations. Siemens addresses the issue in V7.0; all earlier versions remain vulnerable. No exploitation in the wild was known at the time of this analysis, but the CVSS score of 9.8 reflects the severity of the chain.
Potential Impact
For European organizations, particularly in energy, utilities and industrial automation, this vulnerability is a significant threat. SICAM PAS/PQS is deployed in substation and power automation for process control and power quality monitoring, so exploitation hands an attacker a foothold inside the operational network. Because the outcome is OS command execution on the SICAM host without any prior authentication, an attacker can deploy malware, disrupt the automation functions the host provides, or pivot from it to other assets in the control network. Given the strategic importance of energy and industrial control systems in Europe, successful exploitation could have cascading effects on national infrastructure, economic stability and public safety. Organizations running affected versions should treat this as a high-priority risk.
Mitigation Recommendations
1. Upgrade to SICAM PAS/PQS V7.0 or later, where the issue is fixed. This is the only complete mitigation; everything below reduces exposure but leaves the cleartext transmission in place.
2. If upgrading is not immediately feasible, segment the network so that the inbuilt SQL server is reachable only from the SICAM components and management hosts that need it. The SQL Server listener (TCP 1433 by default, or the instance-specific port, plus UDP 1434 for the SQL Browser service) must not be reachable from general-purpose networks.
3. Disable xp_cmdshell on the inbuilt SQL server (sp_configure 'xp_cmdshell', 0) if Siemens confirms the application does not depend on it. Note the limit of this step: any login with sysadmin rights can re-enable xp_cmdshell with the same sp_configure call, so if the transmitted credential is a sysadmin login this removes the default path, not the capability. Reducing the privileges of the application's database login, where the product allows it, matters as much.
4. Encrypt the traffic in transit: VPN or IPsec tunnels between SICAM components, or, if the SICAM client supports it (confirm with Siemens), SQL Server's own TLS ("Force Encryption"), so that the login no longer crosses the network in cleartext.
5. Monitor for both halves of the attack: TDS connections to the SICAM SQL port from unexpected sources or with encryption not negotiated, SQL batches that invoke xp_cmdshell, and, on the host, child processes (typically cmd.exe) spawned by sqlservr.exe, which is what xp_cmdshell execution looks like to endpoint monitoring. Intrusion detection tuned for industrial protocols should be complemented with SQL/TDS-aware rules.
6. Audit system configuration and access logs regularly (SQL Server error log and login auditing, Windows security events on the host) to detect exploitation attempts early.
7. Coordinate with Siemens support (Siemens ProductCERT publishes the advisories for this product line) for patches, workarounds and guidance specific to the deployment environment.
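The following is an added example, not code from this page or from Siemens: a small passive analyzer in Python for a captured TDS session (TDS being the wire protocol of Microsoft SQL Server, which the presence of xp_cmdshell implies the inbuilt server is). It shows what the cleartext transmission described in the technical summary actually hands an on-path observer, and it doubles as the kind of SQL-aware network signature the monitoring recommendation asks for: it reports the encryption value each side offered in PRELOGIN, pulls the username and password out of the LOGIN7 packet (undoing the nibble-swap/XOR obfuscation that TDS applies in place of encryption), and flags SQL batches that invoke xp_cmdshell. All packets are constructed inside the file; the login "sa" / "Example!Pass1", the command and the TDS 7.4 version field are made-up values, not anything taken from a SICAM system.

```python
"""Passive analysis of a captured TDS (Microsoft SQL Server wire protocol) session.
Added example, not code from the page or from Siemens; all packets are constructed
below and the login "sa" / "Example!Pass1" is made up."""
import struct

TDS_SQL_BATCH, TDS_TABULAR_RESULT, TDS_LOGIN7, TDS_PRELOGIN = 0x01, 0x04, 0x10, 0x12
PL_VERSION, PL_ENCRYPTION, PL_TERMINATOR = 0x00, 0x01, 0xFF
ENCRYPT_OFF, ENCRYPT_ON, ENCRYPT_NOT_SUP, ENCRYPT_REQ = 0, 1, 2, 3

def tds_packet(ptype: int, payload: bytes) -> bytes:
    """Prepend the 8-byte TDS header: type, status (EOM), length (BE, incl. header), spid, id, window."""
    return struct.pack(">BBHHBB", ptype, 0x01, 8 + len(payload), 0, 1, 0) + payload

def split_packets(stream: bytes):
    """Yield (type, payload) for every TDS packet in one direction of a capture."""
    off = 0
    while off + 8 <= len(stream):
        ptype, _status, length = struct.unpack_from(">BBH", stream, off)
        if length < 8 or off + length > len(stream):
            raise ValueError("truncated TDS packet")
        yield ptype, stream[off + 8:off + length]
        off += length

def prelogin_encryption(payload: bytes):
    """ENCRYPTION value from a PRELOGIN payload (the client's request, or the server's
    reply, which travels in a type 0x04 packet).  The option table holds token(1)
    offset(2 BE) length(2 BE) entries ended by 0xFF; offsets count from payload start."""
    pos = 0
    while pos + 5 <= len(payload) and payload[pos] != PL_TERMINATOR:
        token, opt_off, opt_len = struct.unpack_from(">BHH", payload, pos)
        if token == PL_ENCRYPTION and opt_len == 1:
            return payload[opt_off]
        pos += 5
    return None

def obfuscate_tds_password(clear_utf16: bytes) -> bytes:
    """What a TDS client does to the LOGIN7 password: swap nibbles, XOR 0xA5.  Not encryption."""
    return bytes((((b & 0x0F) << 4) | (b >> 4)) ^ 0xA5 for b in clear_utf16)

def decode_tds_password(obfuscated: bytes) -> str:
    """Inverse of obfuscate_tds_password: XOR 0xA5, then swap the nibbles back."""
    return bytes((((b ^ 0xA5) & 0x0F) << 4) | ((b ^ 0xA5) >> 4) for b in obfuscated).decode("utf-16-le")

def login7_credentials(payload: bytes):
    """(username, password) from LOGIN7.  The fixed part is 94 bytes; the (offset, char
    count) pairs for UserName and Password start at byte 40; offsets count from LOGIN7 start."""
    ib_user, cch_user, ib_pass, cch_pass = struct.unpack_from("<HHHH", payload, 40)
    user = payload[ib_user:ib_user + 2 * cch_user].decode("utf-16-le")
    return user, decode_tds_password(payload[ib_pass:ib_pass + 2 * cch_pass])

def sql_batch_text(payload: bytes) -> str:
    """SQL_BATCH (TDS 7.2+): ALL_HEADERS total length (4 LE) and headers, then UTF-16LE SQL."""
    return payload[struct.unpack_from("<I", payload, 0)[0]:].decode("utf-16-le")

def analyze(client_stream: bytes, server_stream: bytes) -> dict:
    """Report what an on-path observer learns.  Had TLS been negotiated, LOGIN7 and the
    batches would sit inside TLS records and nothing after PRELOGIN would parse here."""
    report = {"client_encryption": None, "server_encryption": None,
              "credentials": None, "xp_cmdshell": []}
    server = list(split_packets(server_stream))
    if server and server[0][0] == TDS_TABULAR_RESULT:       # first reply is the PRELOGIN response
        report["server_encryption"] = prelogin_encryption(server[0][1])
    for ptype, payload in split_packets(client_stream):
        if ptype == TDS_PRELOGIN:
            report["client_encryption"] = prelogin_encryption(payload)
        elif ptype == TDS_LOGIN7:
            report["credentials"] = login7_credentials(payload)
        elif ptype == TDS_SQL_BATCH:
            text = sql_batch_text(payload)
            if "xp_cmdshell" in text.lower():                # signature for the OS-command step
                report["xp_cmdshell"].append(text)
    return report

# Constructed sample session (not a real SICAM capture): both sides offer ENCRYPT_NOT_SUP.
def build_prelogin(enc: int) -> bytes:
    table = (struct.pack(">BHH", PL_VERSION, 11, 6) + struct.pack(">BHH", PL_ENCRYPTION, 17, 1)
             + bytes([PL_TERMINATOR]))
    return table + b"\x0f\x00\x00\x00\x00\x00" + bytes([enc])   # version bytes, then ENCRYPTION

def build_login7(user: str, password: str) -> bytes:
    u, p = user.encode("utf-16-le"), obfuscate_tds_password(password.encode("utf-16-le"))
    fixed = bytearray(94)
    struct.pack_into("<II", fixed, 0, 94 + len(u) + len(p), 0x74000004)  # Length, TDSVersion 7.4
    struct.pack_into("<HHHH", fixed, 40, 94, len(user), 94 + len(u), len(password))
    return bytes(fixed) + u + p

def build_sql_batch(sql: str) -> bytes:
    txn = struct.pack("<IHQI", 18, 0x0002, 0, 1)                  # Transaction Descriptor header
    return struct.pack("<I", 4 + len(txn)) + txn + sql.encode("utf-16-le")

SAMPLE_CLIENT = (tds_packet(TDS_PRELOGIN, build_prelogin(ENCRYPT_NOT_SUP))
                 + tds_packet(TDS_LOGIN7, build_login7("sa", "Example!Pass1"))
                 + tds_packet(TDS_SQL_BATCH, build_sql_batch("EXEC master..xp_cmdshell 'whoami'")))
SAMPLE_SERVER = tds_packet(TDS_TABULAR_RESULT, build_prelogin(ENCRYPT_NOT_SUP))

if __name__ == "__main__":
    for key, value in analyze(SAMPLE_CLIENT, SAMPLE_SERVER).items():
        print(f"{key}: {value}")
```

Run as-is to see the sample session decoded; for real traffic, feed `analyze()` the reassembled TCP payload of each direction (for example exported from a pcap). A capture where both sides end the PRELOGIN exchange with ENCRYPT_ON or ENCRYPT_REQ yields no credentials and no batches, because everything after PRELOGIN is inside TLS; that is the state the transport-encryption recommendation is trying to reach, and the analyzer's empty result is then the expected one rather than a parsing failure.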
Affected Countries
Germany, France, Italy, Spain, United Kingdom, Poland, Netherlands, Belgium, Sweden, Czech Republic
Technical Details
- Data Version: 5.1
- Assigner Short Name: siemens
- Date Reserved: 2022-10-24T00:00:00.000Z
- CISA Enriched: true
Threat ID: 682d984ac4522896dcbf7193
Added to database: 5/21/2025, 9:09:30 AM
Last enriched: 6/21/2025, 2:53:29 PM
Last updated: 8/12/2025, 8:15:40 PM