CVE-2024-32008

Summary

A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application is vulnerable to a local privilege escalation due to an exposed debug interface on the localhost. This allows any local user to gain code execution as administrative application user.

Affected Software

VendorProductVersion RangeStatus
SiemensSpectrum Power 40 < V4.70 SP12 Update 2affected

Weaknesses

  • CWE-648: CWE-648: Incorrect Use of Privileged APIs

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References