Siemens Spectrum Power 4 Local Privilege Escalation Vulnerability Allowing Code Execution as Administrative User

Vulnerability

A local privilege escalation vulnerability has been identified in Siemens Spectrum Power 4, affecting all versions prior to 4.70 SP12 Update 2. The vulnerability arises from an exposed debug interface on localhost, which allows any local user to execute code as an administrative application user.

Impact

Exploitation of this vulnerability allows local users to gain administrative privileges within the application and execute code as an administrative user.

Remediation

Users are advised to update to Siemens Spectrum Power 4 version 4.70 SP12 Update 2 or later. For guidance on applying the update, refer to the general security recommendations provided by Siemens.

Added: Nov 11, 2025, 9:41 PM
Updated: Nov 11, 2025, 9:41 PM

Vulnerability Rating

Custom Algorithm
spread: 1.4
impact: 7.5
exploitability: 3.5
remediation: 7.7
relevance: 1.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.