VDB
ICSA-19-099-02
ICSA-19-099-02
PUBLISHED
CVSS 10 CRITICAL
Successful exploitation of this vulnerability in versions of Spectrum Power 4 using the user-specific project enhancement (PE) Web Office Portal (WOP) are affected by an OS command injection vulnerability. The vulnerability could be exploited by an unauthenticated attacker with network access to the affected service. No user interaction is required to exploit this vulnerability. Successful exploitation compromises confidentiality, integrity, or availability of the targeted system.
Risk Scores
CVSS v3.1
10
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Spectrum Power™ 4: with Web Office Portal |
Timeline
- Apr 9, 2019 CVE Published
References
- https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2019/icsa-19-099-02.json advisory
- https://www.cisa.gov/news-events/ics-advisories/icsa-19-099-02 advisory
- https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01 url
- https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf url
- https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B url
- https://cert-portal.siemens.com/productcert/txt/SSA-324467.txt url