A vulnerability has been identified in Spectrum Power 4 (with Web Office Portal). An attacker with network access to the web server on port 80/TCP or 443/TCP could execute system commands with administrative privileges. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected service. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises confidentiality, integrity or availability of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known.
References
| Link | Resource |
|---|---|
| http://www.securityfocus.com/bid/107830 | Third Party Advisory VDB Entry |
| https://cert-portal.siemens.com/productcert/pdf/ssa-324467.pdf | Mitigation Vendor Advisory |
| http://www.securityfocus.com/bid/107830 | Third Party Advisory VDB Entry |
| https://cert-portal.siemens.com/productcert/pdf/ssa-324467.pdf | Mitigation Vendor Advisory |
Configurations
History
21 Nov 2024, 04:46
| Type | Values Removed | Values Added |
|---|---|---|
| References | () http://www.securityfocus.com/bid/107830 - Third Party Advisory, VDB Entry | |
| References | () https://cert-portal.siemens.com/productcert/pdf/ssa-324467.pdf - Mitigation, Vendor Advisory |
Information
Published : 2019-04-17 14:29
Updated : 2024-11-21 04:46
NVD link : CVE-2019-6579
Mitre link : CVE-2019-6579
CVE.ORG link : CVE-2019-6579
JSON object : View
Products Affected
siemens
- spectrum_power_4
CWE
CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
NVD-CWE-noinfo