2.30

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

siemens

NVD

Published: 2023-09-14

Updated: 2024-11-21

Summary

A vulnerability has been identified in Spectrum Power 7 (All versions < V23Q3). The affected product assigns improper access rights to the update script. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges.

Vulnerable Configurations

Part	Description	Count
Application	Siemens Siemens Spectrum Power 7 - Siemens Spectrum Power 7 2.20 Siemens Spectrum Power 7 2.30	5

References

https://cert-portal.siemens.com/productcert/pdf/ssa-357182.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-357182.pdf