Arbitrary Command Execution Vulnerability in Spectrum Power 4 by Siemens
CVE-2024-32011

8.7HIGH

Key Information:

Vendor: Siemens
Status: Spectrum Power 4
Vendor: CVE Published:; 11 November 2025

What is CVE-2024-32011?

A vulnerability in Spectrum Power 4 allows unauthorized users to execute arbitrary commands via its user interface. This attack vector is accessible over the network and enables execution of commands with the privileges of an administrative application user, posing significant security risks. Immediate action is recommended to secure affected installations.

Affected Version(s)

Spectrum Power 4 0

References

https://cert-portal.siemens.com/productcert/html/ssa-3396...

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Nov 11, 2025
Vulnerability Reserved
Apr 8, 2024

JSON