CVE-2021-45460

EPSS 0.47%
Veröffentlicht 11.01.2022 12:15:10
Zuletzt bearbeitet 21.11.2024 06:32:15
Quelle productcert@siemens.com
Teams Watchlist Login
Unerledigt Login

A vulnerability has been identified in SICAM PQ Analyzer (All versions < V3.18). A service is started by an unquoted registry entry. As there are spaces in this path, attackers with write privilege to those directories might be able to plant executables that will run in place of the legitimate process. Attackers might achieve persistence on the system ("backdoors") or cause a denial of service.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Siemens ≫ Sicam Pq Analyzer Firmware Version < 3.18

Siemens ≫ Sicam Pq Analyzer Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.47%	0.618

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.1	2.8	5.2	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
nvd@nist.gov	5.5	8	4.9	AV:N/AC:L/Au:S/C:N/I:P/A:P

CWE-428 Unquoted Search Path or Element

The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path.

https://cert-portal.siemens.com/productcert/pdf/ssa-173318.pdf

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-45460

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-45460

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-45460

EUVD