The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) warned users this week to update certain builds of energy automation software. The team claims two vulnerabilities exist in the Siemens SICAM Power Automation System (PAS) that could enable an attacker to reconstruct passwords and obtain sensitive information under certain conditions. The first vulnerability stemmed from insufficiently protected credentials; the second (CVE-2016-5849) was an information exposure vulnerability in the database. Users are being encouraged to update to version 8.07 to mitigate that issue.
Source: https://threatpost.com/siemens-patches-password-reconstruction-vulnerability-in-sicam-pas/119012/

