CVE-2024-32011

HIGH

Spectrum Power 4 <V4.70 SP12 Update 2 - Command Injection

Title source: llm

Description

A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application is vulnerable to run arbitrary commands via the user interface. This user interface can be used via the network and allows the execution of commands as administrative application user.

References (1)

[Vendor Advisory] https://cert-portal.siemens.com/productcert/html/ssa-339694.html

Scores

CVSS v3 8.8

EPSS 0.0009

EPSS Percentile 25.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-829

Status published

Products (1)

Siemens/Spectrum Power 4 < V4.70 SP12 Update 2

Published Nov 11, 2025

Tracked Since Feb 18, 2026