Database Credential Exposure in Spectrum Power 4 by Siemens
CVE-2024-32010
8.5 HIGH
What is CVE-2024-32010?
Spectrum Power 4 stores database credentials in a world-readable credential file, which allows unauthorized access to those credentials. With them, an attacker can connect to the database as a privileged application user and execute system commands within the database context. The issue highlights the importance of securing configuration files and access permissions to prevent unauthorized data extraction.
Affected Version(s)
Spectrum Power 4 0
CVSS V4
Score: 8.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None
Timeline
Vulnerability published
Vulnerability Reserved