Main Vulnerability Database SB2022061515

SB2022061515 - Use of hard-coded credentials in Siemens Spectrum Power Systems

Published: June 15, 2022

Security Bulletin ID SB2022061515

CSH Severity

Medium

Patch available

Number of vulnerabilities 1

Exploitation vector Adjecent network

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Use of hard-coded credentials (CVE-ID: CVE-2022-26476)

CWE-ID: CWE-798 - Use of Hard-coded Credentials

CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to gain full access to vulnerable system.

The vulnerability exists due to presence of hard-coded credentials in application code in the component Shared HIS. A remote attacker on the local network can access the affected system using the hard-coded credentials.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://cert-portal.siemens.com/productcert/pdf/ssa-388239.pdf

SB2022061515 - Use of hard-coded credentials in Siemens Spectrum Power Systems

Breakdown by Severity

Description

Remediation

References

Please verify you're human