CVE-2022-26476
HIGHSpectrum Power 4, 7, and MGMS - Unauthenticated Use of Hard-coded Credentials in Shared HIS
Title source: llmDescription
A vulnerability has been identified in Spectrum Power 4 (All versions using Shared HIS), Spectrum Power 7 (All versions using Shared HIS), Spectrum Power MGMS (All versions using Shared HIS). An unauthenticated attacker could log into the component Shared HIS used in Spectrum Power systems by using an account with default credentials. A successful exploitation could allow the attacker to access the component Shared HIS with administrative privileges.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://cert-portal.siemens.com/productcert/pdf/ssa-388239.pdf
Scores
CVSS v3
8.8
EPSS
0.0013
EPSS Percentile
31.5%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-798
Status
published
Products (3)
siemens/spectrum_power_4
siemens/spectrum_power_7
siemens/spectrum_power_microgrid_management_system
Published
Jun 14, 2022
Tracked Since
Feb 18, 2026