Siemens Spectrum Power 4 vulnerabilities
12 known vulnerabilities affecting siemens/spectrum_power_4.
Total CVEs
12
CISA KEV
2
actively exploited
Public exploits
2
Exploited in wild
2
Severity breakdown
CRITICAL2HIGH5MEDIUM5
Vulnerabilities
Page 1 of 1
CVE-2021-44228P1CRITICALCVSS 10.0KEVPoCRansomwarefixed in 4.70v4.702021-12-10
CVE-2021-44228 [CRITICAL] CWE-20 CVE-2021-44228: Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LD
nvd
CVE-2021-45046P1CRITICALCVSS 9.0KEVPoCRansomwarefixed in 4.70v4.702021-12-14
CVE-2021-45046 [CRITICAL] CVE-2021-45046: It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context M
nvd
CVE-2024-32011P2HIGHCVSS 8.8fixed in V4.70 SP12 Update 22025-11-11
CVE-2024-32011 [HIGH] CWE-829 CVE-2024-32011: A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The af
A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application is vulnerable to run arbitrary commands via the user interface. This user interface can be used via the network and allows the execution of commands as administrative application user.
nvd
CVE-2022-26476P3HIGHCVSS 8.8vAll versions using Shared HIS2022-06-14
CVE-2022-26476 [HIGH] CWE-798 CVE-2022-26476: A vulnerability has been identified in Spectrum Power 4 (All versions using Shared HIS), Spectrum Po
A vulnerability has been identified in Spectrum Power 4 (All versions using Shared HIS), Spectrum Power 7 (All versions using Shared HIS), Spectrum Power MGMS (All versions using Shared HIS). An unauthenticated attacker could log into the component Shared HIS used in Spectrum Power systems by using an account with default credentials. A successful exp
nvd
CVE-2024-32008P3HIGHCVSS 7.8fixed in V4.70 SP12 Update 22025-11-11
CVE-2024-32008 [HIGH] CWE-648 CVE-2024-32008: A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The af
A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application is vulnerable to a local privilege escalation due to an exposed debug interface on the localhost. This allows any local user to gain code execution as administrative application user.
nvd
CVE-2024-32010P3HIGHCVSS 7.8fixed in V4.70 SP12 Update 22025-11-11
CVE-2024-32010 [HIGH] CWE-732 CVE-2024-32010: A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The af
A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application is vulnerable to extraction of database credentials via a world-readable credential file. This allows an attacker to connect to the database as privileged application user and to run system commands via the database.
nvd
CVE-2024-32009P3HIGHCVSS 7.8fixed in V4.70 SP12 Update 22025-11-11
CVE-2024-32009 [HIGH] CWE-266 CVE-2024-32009: A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The af
A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application is vulnerable to a local privilege escalation due to wrongly set permissions to a binary which allows any local attacker to gain administrative privileges.
nvd
CVE-2020-15790P4MEDIUMCVSS 5.3fixed in 4.70v4.702020-09-09
CVE-2020-15790 [MEDIUM] CWE-548 CVE-2020-15790: A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP8). If configured in
A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP8). If configured in an insecure manner, the web server might be susceptible to a directory listing attack.
nvd
CVE-2019-10933P4MEDIUMCVSS 6.1≤ 4.752019-07-11
CVE-2019-10933 [MEDIUM] CWE-80 CVE-2019-10933: A vulnerability has been identified in Spectrum Power 3 (Corporate User Interface) (All versions <=
A vulnerability has been identified in Spectrum Power 3 (Corporate User Interface) (All versions <= v3.11), Spectrum Power 4 (Corporate User Interface) (Version v4.75), Spectrum Power 5 (Corporate User Interface) (All versions < v5.50), Spectrum Power 7 (Corporate User Interface) (All versions <= v2.20). The web server could allow Cross-Site Scripting
nvd
CVE-2022-23312P4MEDIUMCVSS 6.1fixed in 4.70v4.70+1 more2022-02-09
CVE-2022-23312 [MEDIUM] CWE-79 CVE-2022-23312: A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP9 Security Patch 1).
A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP9 Security Patch 1). The integrated web application "Online Help" in affected product contains a Cross-Site Scripting (XSS) vulnerability that could be exploited if unsuspecting users are tricked into accessing a malicious link.
nvd
CVE-2020-15784P4MEDIUMCVSS 5.3fixed in 4.70v4.702020-09-09
CVE-2020-15784 [MEDIUM] CWE-312 CVE-2020-15784: A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP8). Insecure storage
A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP8). Insecure storage of sensitive information in the configuration files could allow the retrieval of user names.
nvd
CVE-2024-32014P4MEDIUMCVSS 4.7fixed in V4.70 SP12 Update 22025-11-11
CVE-2024-32014 [MEDIUM] CWE-732 CVE-2024-32014: A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The af
A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application is vulnerable to alter the local database which contains the application credentials. This allows an attacker to gain administrative application privileges.
nvd