Database Manipulation Vulnerability in Spectrum Power 4 by Siemens
CVE-2024-32014

5.6MEDIUM

Key Information:

Vendor: Siemens
Status: Spectrum Power 4
Vendor: CVE Published:; 11 November 2025

What is CVE-2024-32014?

A serious database manipulation vulnerability exists in Spectrum Power 4 that impacts all versions prior to V4.70 SP12 Update 2. This flaw allows unauthorized users to alter the local database, which houses application credentials. By exploiting this vulnerability, attackers can elevate their privileges to that of an administrator, potentially gaining full control over the application and its operations. Users are advised to upgrade to the patched version to mitigate any risk associated with this vulnerability.

Affected Version(s)

Spectrum Power 4 0

References

https://cert-portal.siemens.com/productcert/html/ssa-3396...

CVSS V4

Score:

5.6

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 11, 2025
Vulnerability Reserved
Apr 8, 2024

JSON