Siemens sicam pas Information Leak Vulnerability (CVE-2016-5849)

Siemens sicam pas Information Leak Vulnerability (CVE-2016-5849)
Siemens sicam pas Information Leak Vulnerability (CVE-2016-5849)

Release date:
Updated on:

Affected Systems:

Siemens sicam pas <8.07

Description:

CVE (CAN) ID: CVE-2016-5849

Siemens sicam pas is an energy automation solution.

A security vulnerability exists in versions earlier than Siemens sicam pas 8.07. Local Users can obtain sensitive configuration information through database faults.

<* Source: Ilya Karpov

Link: http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-444217.pdf
*>

Suggestion:

Vendor patch:

Siemens
-------
Siemens has released a Security Bulletin (SSA-444217) and patches for this:
SSA-444217: Information Disclosure Vulnerabilities in SICAM PAS
Link: http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-444217.pdf

This article permanently updates the link address: