VYPR

Spectrum Power 4

by Siemens Foundation

CVEs (14)

  • CVE-2019-6579CriApr 17, 2019
    risk 0.64cvss 9.8epss 0.02

    A vulnerability has been identified in Spectrum Power 4 (with Web Office Portal). An attacker with network access to the web server on port 80/TCP or 443/TCP could execute system commands with administrative privileges. The security vulnerability could be exploited by an…

  • CVE-2024-32011HigNov 11, 2025
    risk 0.57cvss 8.8epss 0.00

    A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application is vulnerable to run arbitrary commands via the user interface. This user interface can be used via the network and allows the execution of commands as…

  • CVE-2022-26476HigJun 14, 2022
    risk 0.57cvss 8.8epss 0.00

    A vulnerability has been identified in Spectrum Power 4 (All versions using Shared HIS), Spectrum Power 7 (All versions using Shared HIS), Spectrum Power MGMS (All versions using Shared HIS). An unauthenticated attacker could log into the component Shared HIS used in Spectrum…

  • CVE-2023-38557HigSep 14, 2023
    risk 0.53cvss 8.2epss 0.00

    A vulnerability has been identified in Spectrum Power 7 (All versions < V23Q3). The affected product assigns improper access rights to the update script. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges.

  • CVE-2024-32010HigNov 11, 2025
    risk 0.51cvss 7.8epss 0.00

    A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application is vulnerable to extraction of database credentials via a world-readable credential file. This allows an attacker to connect to the database as privileged…

  • CVE-2024-32009HigNov 11, 2025
    risk 0.51cvss 7.8epss 0.00

    A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application is vulnerable to a local privilege escalation due to wrongly set permissions to a binary which allows any local attacker to gain administrative privileges.

  • CVE-2024-32008HigNov 11, 2025
    risk 0.51cvss 7.8epss 0.00

    A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application is vulnerable to a local privilege escalation due to an exposed debug interface on the localhost. This allows any local user to gain code execution as…

  • CVE-2023-44120HigJan 9, 2024
    risk 0.51cvss 7.8epss 0.00

    A vulnerability has been identified in Spectrum Power 7 (All versions < V23Q4). The affected product's sudo configuration permits the local administrative account to execute several entries as root user. This could allow an authenticated local attacker to inject arbitrary code…

  • CVE-2022-23312MedFeb 9, 2022
    risk 0.40cvss 6.1epss 0.01

    A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP9 Security Patch 1). The integrated web application "Online Help" in affected product contains a Cross-Site Scripting (XSS) vulnerability that could be exploited if unsuspecting users are tricked…

  • CVE-2020-7579MedMar 10, 2020
    risk 0.40cvss 6.1epss 0.01

    A vulnerability has been identified in Spectrum Power™ 5 (All versions < v5.50 HF02). The web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. If…

  • CVE-2020-15790MedSep 9, 2020
    risk 0.35cvss 5.3epss 0.01

    A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP8). If configured in an insecure manner, the web server might be susceptible to a directory listing attack.

  • CVE-2020-15784MedSep 9, 2020
    risk 0.34cvss 5.3epss 0.01

    A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP8). Insecure storage of sensitive information in the configuration files could allow the retrieval of user names.

  • CVE-2024-32014MedNov 11, 2025
    risk 0.31cvss 4.7epss 0.00

    A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application is vulnerable to alter the local database which contains the application credentials. This allows an attacker to gain administrative application privileges.

  • CVE-2024-29119Nov 12, 2024
    risk 0.00cvss epss 0.00

    A vulnerability has been identified in Spectrum Power 7 (All versions < V24Q3). The affected product contains several root-owned SUID binaries that could allow an authenticated local attacker to escalate privileges.