CVE-2022-26476
Published 2022-06-14
CVE-2022-26476: A vulnerability has been identified in Spectrum Power 4 (All versions using Shared HIS), Spectrum Power 7 (All versions using Shared HIS), Spectrum Power MGMS…
Priority: P3 · 50 · high · 8.8 (CVSS 3.1)
AV:A / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.40% (31.4th percentile)
A vulnerability has been identified in Spectrum Power 4 (All versions using Shared HIS), Spectrum Power 7 (All versions using Shared HIS), Spectrum Power MGMS (All versions using Shared HIS). An unauthenticated attacker could log into the component Shared HIS used in Spectrum Power systems by using an account with default credentials. A successful exploitation could allow the attacker to access the component Shared HIS with administrative privileges.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| siemens | spectrum_power_4 | — | — |
| siemens | spectrum_power_7 | — | — |
| siemens | spectrum_power_mgms | — | — |
CVSS provenance
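| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 5.4 | MEDIUM | AV:A/AC:M/Au:N/C:P/I:P/A:P |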
GHSA
GHSA-wx4w-rcpp-p5wm: A vulnerability has been identified in Spectrum Power 4 (All versions using Shared HIS), Spectrum Power 7 (All versions using Shared HIS), Spectrum Po
ghsa_unreviewed·2022-06-15
CVE-2022-26476 [HIGH] CWE-798 GHSA-wx4w-rcpp-p5wm: A vulnerability has been identified in Spectrum Power 4 (All versions using Shared HIS), Spectrum Power 7 (All versions using Shared HIS), Spectrum Po
CISA ICS
Siemens Spectrum Power Systems
cisa_ics·2022-06-16·CVSS 8.8
[HIGH] Siemens Spectrum Power Systems
ICS Advisory
## Siemens Spectrum Power Systems
Last Revised: June 16, 2022
Alert Code: ICSA-22-167-12
## 1. EXECUTIVE SUMMARY
- CVSS v3 8.8
- ATTENTION: Low attack complexity
- Vendor: Siemens
- Equipment: Spectrum Power
- Vulnerability: Use of Hard-coded Credentials
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to gain administrative privileges by using an account with default credentials.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of Spectrum Power, a SCADA, data modeling and monitoring system, are affected:
- Sp
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2022-06-14