SSA-388239 — Vulnetix

SSA-388239 PUBLISHED CVSS 8.800000190734863 HIGH

Siemens has been made aware of a default password leakage in the internet affecting the component Shared HIS (SHHIS) used in Spectrum Power systems. The products listed below are affected by this default password leakage. This could allow an attacker to access the component Shared HIS of those products with administrative privileges by using an account with default credentials. Siemens offers configuration recommendations for the affected products in order to mitigate the issue.

Risk Scores

CVSS 3.1

8.800000190734863

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Affected Products

Vendor	Product	Versions
	Spectrum Power MGMS
	Spectrum Power 4
	Spectrum Power 7

Exploit Intelligence

https://cert-portal.siemens.com/productcert/pdf/ssa-388239.pdf (circl)
https://cert-portal.siemens.com/productcert/txt/ssa-388239.txt (circl)
https://cert-portal.siemens.com/productcert/csaf/ssa-388239.json (circl)

Timeline

CVE Published

References

https://cert-portal.siemens.com/productcert/pdf/ssa-388239.pdf advisory
https://cert-portal.siemens.com/productcert/txt/ssa-388239.txt advisory
https://cert-portal.siemens.com/productcert/csaf/ssa-388239.json advisory

Open in Interactive Console →