ID CVE-2019-6579
Summary A vulnerability has been identified in Spectrum Power 4 (with Web Office Portal). An attacker with network access to the web server on port 80/TCP or 443/TCP could execute system commands with administrative privileges. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected service. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises confidentiality, integrity or availability of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known.
References
Vulnerable Configurations
  • cpe:2.3:a:siemens:spectrum_power_4:-:*:*:*:*:*:*:*
    cpe:2.3:a:siemens:spectrum_power_4:-:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 16-10-2020 - 13:03)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 107830
misc https://cert-portal.siemens.com/productcert/pdf/ssa-324467.pdf
Last major update 16-10-2020 - 13:03
Published 17-04-2019 - 14:29
Last modified 16-10-2020 - 13:03
Back to Top