
CVE-2023-38557

Severity: high (7.8)

First published: Thu Sep 14 2023

Last modified: Thu Sep 21 2023

CWE: 732

A vulnerability has been identified in Spectrum Power 7 (All versions < V23Q3). The affected product assigns improper access rights to the update script. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges.

Affected software (any of):

  • Siemens Spectrum Power 7, versions < V23Q3

FAQ

  • What is the severity of CVE-2023-38557?

    The severity of CVE-2023-38557 is high with a CVSS score of 7.8.

  • How does CVE-2023-38557 affect Spectrum Power 7?

    CVE-2023-38557 affects all versions of Spectrum Power 7 prior to V23Q3.

  • What is the vulnerability in CVE-2023-38557?

    The vulnerability in CVE-2023-38557 is improper access rights assignment to the update script, allowing an authenticated local attacker to inject arbitrary code and escalate privileges.

  • How can an attacker exploit the vulnerability in CVE-2023-38557?

    The update script is assigned improper access rights. An authenticated local attacker could use this to inject arbitrary code and escalate privileges.

  • Is there a fix available for CVE-2023-38557?

    Yes, the fix for CVE-2023-38557 is to update Spectrum Power 7 to version V23Q3 or newer.
