CVE-2024-32011 | THREATINT

Description

A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application is vulnerable to run arbitrary commands via the user interface. This user interface can be used via the network and allows the execution of commands as administrative application user.

PUBLISHED Reserved 2024-04-08 | Published 2025-11-11 | Updated 2025-11-12 | Assigner siemens

HIGH: 8.8CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-829: Inclusion of Functionality from Untrusted Control Sphere

Product status

Default status

unknown

Any version before V4.70 SP12 Update 2

affected

References

cert-portal.siemens.com/productcert/html/ssa-339694.html

cve.org (CVE-2024-32011)

nvd.nist.gov (CVE-2024-32011)

Download JSON