Siemens Spectrum Power 4 Command Injection Vulnerability in User Interface

Vulnerability

A command injection vulnerability exists in the user interface of Siemens Spectrum Power 4, all versions prior to 4.70 SP12 Update 2. The interface is accessible via the network, and the vulnerability allows arbitrary commands to be executed through it as an administrative application user.

Impact

Exploitation of this vulnerability allows for arbitrary command execution on the affected system, with the commands being executed as an administrative application user.

Remediation

Users are advised to update Siemens Spectrum Power 4 to version 4.70 SP12 Update 2 or later. For further inquiries on security vulnerabilities in Siemens products, contact Siemens ProductCERT.

Added: Nov 11, 2025, 9:39 PM
Updated: Nov 11, 2025, 9:39 PM

Vulnerability Rating

Custom Algorithm
spread: 1.4
impact: 10.0
exploitability: 4.4
remediation: 7.7
relevance: 1.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.