First published: Thu Jul 11 2019
A vulnerability has been identified in Spectrum Power 3 (Corporate User Interface) (All versions <= v3.11), Spectrum Power 4 (Corporate User Interface) (Version v4.75), Spectrum Power 5 (Corporate User Interface) (All versions < v5.50), Spectrum Power 7 (Corporate User Interface) (All versions <= v2.20). The web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for successful exploitation. The user does not need to be logged into the web interface in order for the exploitation to succeed. At the stage of publishing this security advisory, no public exploitation is known.
Credit: productcert@siemens.com
Affected Software | Affected Version | How to fix |
---|---|---|
Siemens Spectrum Power 3 | <=3.11 | |
Siemens Spectrum Power 4 | <=4.75 | |
Siemens Spectrum Power 5 | <=5.50 | |
Siemens Spectrum Power 7 | <=2.20 | |
CVE-2019-10933 is a vulnerability identified in Siemens Spectrum Power products, including versions 3.11, 4.75, 5.50, and 2.20 of Spectrum Power 3, 4, 5, and 7 respectively.
The severity of CVE-2019-10933 is medium with a CVSS severity score of 6.1.
CVE-2019-10933 affects Siemens Spectrum Power products, including versions 3.11, 4.75, 5.50, and 2.20 of Spectrum Power 3, 4, 5, and 7 respectively. The web server of the Corporate User Interface could allow Cross-Site Scripting (XSS) attacks if a user is tricked into accessing a malicious link; the user does not need to be logged into the web interface.
To fix CVE-2019-10933, it is recommended to apply the security patch provided by Siemens and update to the latest version of the affected software.
You can find more information about CVE-2019-10933 in the official Siemens security advisory document: https://cert-portal.siemens.com/productcert/pdf/ssa-747162.pdf