CVE-2019-6579 - A vulnerability has been identified in Spectrum Power 4 (with Web Office Portal). An attacker with n

CVE-2019-6579

Summary

A vulnerability has been identified in Spectrum Power 4 (with Web Office Portal). An attacker with network access to the web server on port 80/TCP or 443/TCP could execute system commands with administrative privileges. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected service. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises confidentiality, integrity or availability of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known.

References

Vulnerable Configurations

cpe:2.3:a:siemens:spectrum_power_4:-:*:*:*:*:*:*:*
cpe:2.3:a:siemens:spectrum_power_4:-:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 16-10-2020 - 13:03)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	107830
misc	https://cert-portal.siemens.com/productcert/pdf/ssa-324467.pdf

Last major update

16-10-2020 - 13:03

Published

17-04-2019 - 14:29

Last modified

16-10-2020 - 13:03