Vulnerability Description
A vulnerability has been identified in Spectrum Power 4 (with Web Office Portal). An attacker with network access to the web server on port 80/TCP or 443/TCP could execute system commands with administrative privileges. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected service. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises confidentiality, integrity or availability of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens | Spectrum Power 4 | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/107830Third Party AdvisoryVDB Entry
- https://cert-portal.siemens.com/productcert/pdf/ssa-324467.pdfMitigationVendor Advisory
- http://www.securityfocus.com/bid/107830Third Party AdvisoryVDB Entry
- https://cert-portal.siemens.com/productcert/pdf/ssa-324467.pdfMitigationVendor Advisory
FAQ
What is CVE-2019-6579?
CVE-2019-6579 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A vulnerability has been identified in Spectrum Power 4 (with Web Office Portal). An attacker with network access to the web server on port 80/TCP or 443/TCP could execute system commands with adminis...
How severe is CVE-2019-6579?
CVE-2019-6579 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-6579?
Check the references section above for vendor advisories and patch information. Affected products include: Siemens Spectrum Power 4.