PatchSiren cyber security CVE debrief
CVE-2016-8567 Siemens CVE debrief
CVE-2016-8567 describes a critical authentication weakness in Siemens SICAM PAS before 8.00. A factory account with hard-coded passwords is present in affected installations, and an attacker may gain privileged access to the database over port 2638/TCP. Because the issue is network-reachable and involves fixed credentials, it is especially important for industrial environments that expose or rely on SICAM PAS/PQS components.
- Vendor
- Siemens
- Product
- CVE-2016-8567
- CVSS
- CRITICAL 9.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2017-02-13
- Original CVE updated
- 2026-05-13
- Advisory published
- 2017-02-13
- Advisory updated
- 2026-05-13
Who should care
Siemens SICAM PAS and related PQS operators, OT/ICS administrators, database administrators, network defenders, and incident responders responsible for industrial control environments that may expose port 2638/TCP.
Technical summary
NVD identifies the affected Siemens CPE as sicam_pas/pqs versions before 8.00, with CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (9.8). The weakness is mapped to CWE-798 (Use of Hard-coded Credentials). According to the supplied description, a factory account with hard-coded passwords exists in SICAM PAS installations and may allow privileged database access over TCP port 2638. The condition is externally reachable, requires no user interaction, and can affect confidentiality, integrity, and availability at the highest level.
Defensive priority
Critical. This is a network-accessible hard-coded credential issue in an industrial product, with a 9.8 CVSS score and potential privileged database access. Treat affected installations as urgent remediation candidates.
Recommended defensive actions
- Identify all Siemens SICAM PAS/PQS deployments and verify whether any instance is running before version 8.00.
- Upgrade affected systems to Siemens SICAM PAS 8.00 or later, which is outside the vulnerable version range stated in the advisory data.
- Restrict and monitor access to TCP port 2638/TCP so only necessary trusted hosts can reach the database service.
- Review whether the factory account is present or used anywhere in the environment and treat any exposure as a credential compromise risk.
- Segment SICAM PAS systems from broader networks and limit administrative and database access paths.
- Check logs, authentication records, and service exposure for signs of unauthorized database access related to the affected port or account.
- Coordinate remediation and validation with Siemens guidance and the referenced ICS-CERT advisory material.
Evidence notes
This debrief is based only on the supplied CVE record, NVD metadata, and referenced official/third-party advisory links included in the source corpus. The core facts used are: Siemens SICAM PAS before 8.00 is affected; a factory account with hard-coded passwords exists; privileged database access may be gained over port 2638/TCP; and NVD classifies the weakness as CWE-798 with a 9.8 CVSS 3.1 score. The CVE publication date used for disclosure context is 2017-02-13, not the later NVD modification timestamp.
Official resources
-
CVE-2016-8567 CVE record
CVE.org
-
CVE-2016-8567 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Third Party Advisory, VDB Entry
-
Mitigation or vendor reference
[email protected] - Third Party Advisory, US Government Resource
CVE publication date: 2017-02-13T21:59:01.470Z. The NVD record was later modified on 2026-05-13T00:24:29.033Z; that later timestamp is not the issue date.