Main Vulnerability Database Vulnerabilities #VU36004

Permissions, Privileges, and Access Controls in Spectrum Power 4 - CVE-2019-6579

Published: April 17, 2019 / Updated: August 8, 2020

Vulnerability identifier: #VU36004

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2019-6579

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Siemens

Affected software:
Spectrum Power 4

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

A vulnerability has been identified in Spectrum Power 4 (with Web Office Portal). An attacker with network access to the web server on port 80/TCP or 443/TCP could execute system commands with administrative privileges. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected service. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises confidentiality, integrity or availability of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known.

How to mitigate CVE-2019-6579

Install update from vendor's website.

Permissions, Privileges, and Access Controls in Spectrum Power 4 - CVE-2019-6579

Detailed vulnerability description

How to mitigate CVE-2019-6579

Sources

Please verify you're human