Lucene search

SiemensCVELIST:CVE-2021-45460

HistoryJan 11, 2022 - 11:27 a.m.

CVE-2021-45460

2022-01-1111:27:18

CWE-428

siemens

www.cve.org

vulnerability

sicam pq analyzer

unquoted registry entry

attackers

persistence

denial of service

AI Score

Confidence

High

EPSS

0.001

Percentile

35.0%

JSON

A vulnerability has been identified in SICAM PQ Analyzer (All versions < V3.18). A service is started by an unquoted registry entry. As there are spaces in this path, attackers with write privilege to those directories might be able to plant executables that will run in place of the legitimate process. Attackers might achieve persistence on the system (“backdoors”) or cause a denial of service.

CNA Affected

[
  {
    "product": "SICAM PQ Analyzer",
    "vendor": "Siemens",
    "versions": [
      {
        "status": "affected",
        "version": "All versions <  V3.18"
      }
    ]
  }
]

References

cert-portal.siemens.com/productcert/pdf/ssa-173318.pdf