CVE-2024-32014
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-11-11
Last updated on: 2025-11-11
Assigner: Siemens AG
Description
Description
A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application is vulnerable to alter the local database which contains the application credentials. This allows an attacker to gain administrative application privileges.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| siemens | spectrum_power | 4.0 |
| siemens | spectrum_power | 3.1 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-732 | The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Spectrum Power 4 versions prior to V4.70 SP12 Update 2. It allows an attacker to alter the local database that contains the application's credentials, which can lead to the attacker gaining administrative privileges within the application.
How can this vulnerability impact me? :
An attacker exploiting this vulnerability can gain administrative application privileges by modifying the local database containing credentials. This could lead to unauthorized access, control over the application, and potential misuse of its functions.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70