CVE-2019-6579
CRITICALSpectrum Power 4 - Unauthenticated Remote Code Execution via Web Office Portal
Title source: llmDescription
A vulnerability has been identified in Spectrum Power 4 (with Web Office Portal). An attacker with network access to the web server on port 80/TCP or 443/TCP could execute system commands with administrative privileges. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected service. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises confidentiality, integrity or availability of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/107830
Mitigation, Vendor Advisory x_refsource_misc
https://cert-portal.siemens.com/productcert/pdf/ssa-324467.pdf
Scores
CVSS v3
9.8
EPSS
0.0133
EPSS Percentile
80.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-77
Status
published
Products (1)
siemens/spectrum_power_4
Published
Apr 17, 2019
Tracked Since
Feb 18, 2026