Siemens Spectrum Power default account | CVE-2022-26476

June 17, 2022

NAME

Siemens Spectrum Power default account

  • Platforms Affected:
    Siemens Spectrum Power 4
    Siemens Spectrum Power 7
    Siemens Spectrum Power MGMS
  • Risk Level:
    8.8
  • Exploitability:
    Unproven
  • Consequences:
    Gain Access

DESCRIPTION

Siemens Spectrum Power contains default hardcoded credentials. A remote attacker could exploit this vulnerability to access the component Shared HIS with administrative privileges by using an account with default credentials.

CVSS 3.0 Information

  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Access Vector: Adjacent Network
  • Access Complexity: Low
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
  • Remediation Level: Official Fix

MITIGATION

Refer to Siemens Security Advisory SSA-388239 for patch, upgrade or suggested workaround information. See References.

  • Reference Link:
    https://cert-portal.siemens.com/productcert/pdf/ssa-388239.pdf
  • Reference Link:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26476

If you like the site, please consider joining the telegram channel and supporting us on Patreon using the button below.

Digital Patreon Wordmark FieryCoralv2

You may have missed

image

[DRAGONFORCE] – Ransomware Victim: SUSTA S[.]r[.]l[.]

November 18, 2024
image

[MEDUSA] – Ransomware Victim: Maxeon

November 18, 2024
image

[BLACKSUIT] – Ransomware Victim: eastgateauto[.]com

November 18, 2024
image

[ELDORADO] – Ransomware Victim: LA LUCKY Brand

November 18, 2024
image

[BLACKSUIT] – Ransomware Victim: kciaviation[.]com

November 18, 2024