VDB

CISA-2024-32008

CISA-2024-32008 PUBLISHED CVSS 7.8 HIGH

Reported by siemens · Published November 11, 2025

A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application is vulnerable to a local privilege escalation due to an exposed debug interface on the localhost. This allows any local user to gain code execution as administrative application user.

Risk Scores

CVSS 3.1
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
SiemensSpectrum Power 40
SiemensSpectrum Power 40, 0

Timeline

  • Nov 11, 2025 CVE Published
  • Nov 12, 2025 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›