CVE-2019-6579 is a vulnerability in Siemens Spectrum Power 4
Published on April 17, 2019
A vulnerability has been identified in Spectrum Power 4 (with Web Office Portal). An attacker with network access to the web server on port 80/TCP or 443/TCP could execute system commands with administrative privileges. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected service. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises confidentiality, integrity or availability of the targeted system. At the time of advisory publication no public exploitation of this security vulnerability was known.
Weakness Type
What is a Command Injection Vulnerability?
The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CVE-2019-6579 has been classified to as a Command Injection vulnerability or weakness.
Products Associated with CVE-2019-6579
Want to know whenever a new CVE is published for Siemens Spectrum Power 4? stack.watch will email you.
Affected Versions
Siemens AG Spectrum Power™ 4 Version with Web Office Portal is affected by CVE-2019-6579Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.