CVE-2022-26476

Published: Jun 14, 2022Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A vulnerability has been identified in Spectrum Power 4 (All versions using Shared HIS), Spectrum Power 7 (All versions using Shared HIS), Spectrum Power MGMS (All versions using Shared HIS). An unauthenticated attacker could log into the component Shared HIS used in Spectrum Power systems by using an account with default credentials. A successful exploitation could allow the attacker to access the component Shared HIS with administrative privileges.

Affected (3)

Products: Siemens: Spectrum Power 4, Spectrum Power 7, Spectrum Power Microgrid Management System

3 products

Spectrum Power 4

Spectrum Power 7

Spectrum Power Microgrid Management System

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Siemens Spectrum Power 4	All versions
Siemens Spectrum Power 7	All versions
Siemens Spectrum Power Microgrid Management System	All versions

Related CWEs

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (2)

https://cert-portal.siemens.com/productcert/pdf/ssa-388239.pdf

Source: productcert@siemens.com

Vendor Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-388239.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.