Vulnerability Details : CVE-2019-6579
A vulnerability has been identified in Spectrum Power 4 (with Web Office Portal). An attacker with network access to the web server on port 80/TCP or 443/TCP could execute system commands with administrative privileges. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected service. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises confidentiality, integrity or availability of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known.
Products affected by CVE-2019-6579
- cpe:2.3:a:siemens:spectrum_power_4:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-6579
0.20%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 59 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-6579
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST | |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2019-6579
-
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.Assigned by: productcert@siemens.com (Secondary)
References for CVE-2019-6579
-
http://www.securityfocus.com/bid/107830
Siemens Spectrum Power CVE-2019-6579 Command Injection VulnerabilityThird Party Advisory;VDB Entry
-
https://cert-portal.siemens.com/productcert/pdf/ssa-324467.pdf
Mitigation;Vendor Advisory
Jump to