CVE-2019-6579
published 2019-04-17


Priority: P266
Severity: critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.28% (81.0th percentile)

A vulnerability has been identified in Spectrum Power 4 (with Web Office Portal). An attacker with network access to the web server on port 80/TCP or 443/TCP could execute system commands with administrative privileges. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected service. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises confidentiality, integrity or availability of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known.

Affected

1 range
Vendor | Product | Version range | Fixed in
siemens_ag | spectrum_power_4 | |

Detection & IOCs (extracted from sources)

port 80/TCP
port 443/TCP
  • Target is the Web Office Portal (WOP) component of Spectrum Power 4; monitor for unauthenticated OS command injection attempts arriving on port 80/TCP or 443/TCP directed at this web server.
  • No authentication or user interaction is required; any inbound HTTP/HTTPS request to the WOP service could be an exploitation attempt — baseline and alert on unexpected command execution processes spawned by the web server process.
  • Exploitation results in system commands running with administrative privileges; look for privileged child processes (e.g., cmd.exe, sh, bash) spawned from the web server on affected Spectrum Power 4 hosts.
  • Only Spectrum Power 4 installations that have the Web Office Portal (WOP) project enhancement (PE) enabled are vulnerable; installations without WOP are not affected.
  • The vendor-supplied fix is bugfix bf-47456_PE_WOP_fix; absence of this patch on a Spectrum Power 4 WOP host indicates a vulnerable configuration.

CVSS provenance

nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P