CVE-2019-6579
A vulnerability has been identified in Spectrum Power 4 (with Web Office Portal). An attacker with network access to the web server on port 80/TCP or 443/TCP could execute system commands with administrative privileges. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected service. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises confidentiality, integrity or availability of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known.
EPSS 1.33% · 80.3th percentile
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Siemens AG | Spectrum Power™ 4 | with Web Office Portal |
| Siemens | N/A | |
| siemens | spectrum_power_4 |
Timeline
- Apr 9, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
References
- 107830 vdb
- https://cert-portal.siemens.com/productcert/pdf/ssa-324467.pdf url
- https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-141614.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-451142.pdf advisory
- https://cert-portal.siemens.com/productcert/pdf/ssa-307392.pdf advisory
- https://nvd.nist.gov/vuln/detail/CVE-2019-6579 advisory