Spectrum Power 4 Local Priv Esc via Debug Interf ( V4.70 SP12U2)
CVE-2024-32008 Published on November 11, 2025
A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application is vulnerable to a local privilege escalation due to an exposed debug interface on the localhost. This allows any local user to gain code execution as administrative application user.
Weakness Type
Incorrect Use of Privileged APIs
The application does not conform to the API requirements for a function call that requires extra privileges. This could allow attackers to gain privileges by causing the function to be called incorrectly.
Products Associated with CVE-2024-32008
Want to know whenever a new CVE is published for Siemens Spectrum Power 4? stack.watch will email you.
Affected Versions
Siemens Spectrum Power 4:- Before V4.70 SP12 Update 2 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.