Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-26476

A vulnerability has been identified in Spectrum Power 4 (All versions using Shared HIS), Spectrum Power 7 (All versions using Shared HIS), Spectrum Power MGMS (All versions using Shared HIS). An unauthenticated attacker could log into the component Shared HIS used in Spectrum Power systems by using an account with default credentials. A successful exploitation could allow the attacker to access the component Shared HIS with administrative privileges.

Published

2022-06-14T10:15:19.883

Last Modified

2024-11-21T06:54:01.333

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

CVSSv2 Vector

AV:A/AC:M/Au:N/C:P/I:P/A:P

Access Vector: ADJACENT_NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

5.5

Impact Score

6.4

Weaknesses

Type: Secondary
CWE-798
Type: Primary
CWE-798

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	siemens	spectrum_power_4	-	Yes
Application	siemens	spectrum_power_7	-	Yes
Application	siemens	spectrum_power_microgrid_management_system	-	Yes

References

https://cert-portal.siemens.com/productcert/pdf/ssa-388239.pdf Vendor Advisory ([email protected])
https://cert-portal.siemens.com/productcert/pdf/ssa-388239.pdf Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)