Command Execution Vulnerability in Spectrum Power 4 by Siemens
CVE-2019-6579

9.8CRITICAL

Key Information:

Vendor: Siemens
Status: Spectrum Power™ 4
Vendor: CVE Published:; 17 April 2019

Summary

A vulnerability in Spectrum Power 4 with the Web Office Portal allows attackers with network access to the web server on ports 80 or 443 to execute system commands with administrative privileges. This vulnerability can be exploited by unauthenticated attackers without any need for user interaction, posing a serious risk to the confidentiality, integrity, and availability of the system. At the time of the advisory's release, there were no reports of public exploitation of this issue.

Affected Version(s)

Spectrum Power™ 4 with Web Office Portal

References

http://www.securityfocus.com/bid/107830

vdb-entryx_refsource_BID

https://cert-portal.siemens.com/productcert/pdf/ssa-32446...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 17, 2019
Vulnerability Reserved
Jan 22, 2019