Local Code Execution Vulnerability in Siemens Spectrum Power 7
CVE-2023-44120

7.8 HIGH

Key Information:

Vendor: Siemens
CVE Published: 9 January 2024

Summary

Spectrum Power 7 contains an improper sudo configuration that enables the local administrative account to execute commands as the root user. An authenticated local attacker can use this to inject arbitrary code, potentially compromising system integrity and security. All versions earlier than V23Q4 are affected, and users should act promptly to mitigate the risk.

Affected Version(s)

Spectrum Power 7 All versions < V23Q4

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
