Siemens Ag Spectrum Power 4 vulnerabilities
4 known vulnerabilities affecting siemens_ag/spectrum_power_4.
Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2019-6579P2CRITICALCVSS 9.8vwith Web Office Portal2019-04-17
CVE-2019-6579 [CRITICAL] CWE-77 CVE-2019-6579: A vulnerability has been identified in Spectrum Power 4 (with Web Office Portal). An attacker with n
A vulnerability has been identified in Spectrum Power 4 (with Web Office Portal). An attacker with network access to the web server on port 80/TCP or 443/TCP could execute system commands with administrative privileges. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected service. No user in
nvd
CVE-2020-15790P4MEDIUMCVSS 5.3vAll versions < V4.70 SP82020-09-09
CVE-2020-15790 [MEDIUM] CWE-548 CVE-2020-15790: A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP8). If configured in
A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP8). If configured in an insecure manner, the web server might be susceptible to a directory listing attack.
nvd
CVE-2019-10933P4MEDIUMCVSS 6.1vVersion v4.752019-07-11
CVE-2019-10933 [MEDIUM] CWE-80 CVE-2019-10933: A vulnerability has been identified in Spectrum Power 3 (Corporate User Interface) (All versions <=
A vulnerability has been identified in Spectrum Power 3 (Corporate User Interface) (All versions <= v3.11), Spectrum Power 4 (Corporate User Interface) (Version v4.75), Spectrum Power 5 (Corporate User Interface) (All versions < v5.50), Spectrum Power 7 (Corporate User Interface) (All versions <= v2.20). The web server could allow Cross-Site Scripting
nvd
CVE-2020-15784P4MEDIUMCVSS 5.3vAll versions < V4.70 SP82020-09-09
CVE-2020-15784 [MEDIUM] CWE-312 CVE-2020-15784: A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP8). Insecure storage
A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP8). Insecure storage of sensitive information in the configuration files could allow the retrieval of user names.
nvd