cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score CVE-2022-26476,https://securityvulnerability.io/vulnerability/CVE-2022-26476,Unauthenticated Access Vulnerability in Spectrum Power by Siemens,"A significant vulnerability exists in Spectrum Power systems where an unauthenticated attacker can exploit the Shared HIS component by utilizing default credentials. This potential security flaw enables an attacker to gain administrative access to the system, posing serious risks to data integrity and system control. Organizations using affected Spectrum Power versions should prioritize reviewing their deployed systems and update authentication practices to safeguard against unauthorized access.",Siemens,"Spectrum Power 4,Spectrum Power 7,Spectrum Power Mgms",8.8,HIGH,0.0005300000193528831,false,,false,false,false,,,false,false,,2022-06-14T09:21:38.000Z,0 CVE-2022-23312,https://securityvulnerability.io/vulnerability/CVE-2022-23312,Cross-Site Scripting Flaw in Spectrum Power 4 by Siemens,"A Cross-Site Scripting (XSS) vulnerability has been discovered in the 'Online Help' component of Siemens Spectrum Power 4. This flaw allows attackers to exploit the web application by tricking users into clicking on malicious links, potentially leading to unauthorized access or data manipulation. Versions prior to V4.70 SP9 Security Patch 1 are affected, emphasizing the importance of applying the necessary updates to mitigate risks.",Siemens,Spectrum Power 4,6.1,MEDIUM,0.0007800000021234155,false,,false,false,false,,,false,false,,2022-02-09T15:17:30.000Z,0 CVE-2020-15790,https://securityvulnerability.io/vulnerability/CVE-2020-15790,Directory Listing Vulnerability in Spectrum Power 4 by Siemens,"A vulnerability exists in Spectrum Power 4, where improper configuration of the web server may allow unauthorized users to view directory contents. This can potentially expose sensitive data and system configurations, making it crucial for users to ensure appropriate security measures are in place. Administrators should review their web server settings and update to version 4.70 SP8 or later to mitigate this risk.",Siemens,Spectrum Power 4,5.3,MEDIUM,0.0008399999933317304,false,,false,false,false,,,false,false,,2020-09-09T18:12:56.000Z,0 CVE-2020-15784,https://securityvulnerability.io/vulnerability/CVE-2020-15784,Insecure Storage Vulnerability in Spectrum Power 4 by Siemens,"A security flaw has been discovered in Spectrum Power 4, specifically in its handling of sensitive data stored within configuration files. This vulnerability can potentially allow unauthorized access to usernames, posing a risk to user privacy and data security. Affected users are strongly advised to update to the latest version to mitigate this risk and protect their sensitive information.",Siemens,Spectrum Power 4,5.3,MEDIUM,0.0008399999933317304,false,,false,false,false,,,false,false,,2020-09-09T18:11:32.000Z,0 CVE-2019-10933,https://securityvulnerability.io/vulnerability/CVE-2019-10933,Cross-Site Scripting Vulnerability in Siemens Spectrum Power Interfaces,"A vulnerability exists in the web interface of Siemens Spectrum Power products that could allow Cross-Site Scripting (XSS) attacks. This occurs when users are tricked into clicking a malicious link, enabling attackers to execute scripts in the context of the user's session. Importantly, this vulnerability does not require users to be logged into the interface, and at the time of this advisory, there are no known instances of public exploitation. Organizations using these affected versions should take necessary precautions to mitigate potential risks.",Siemens Ag,"Spectrum Power 3 (corporate User Interface),Spectrum Power 4 (corporate User Interface),Spectrum Power 5 (corporate User Interface),Spectrum Power 7 (corporate User Interface)",6.1,MEDIUM,0.0007800000021234155,false,,false,false,false,,,false,false,,2019-07-11T21:17:47.000Z,0 CVE-2019-6579,https://securityvulnerability.io/vulnerability/CVE-2019-6579,Command Execution Vulnerability in Spectrum Power 4 by Siemens,"A vulnerability in Spectrum Power 4 with the Web Office Portal allows attackers with network access to the web server on ports 80 or 443 to execute system commands with administrative privileges. This vulnerability can be exploited by unauthenticated attackers without any need for user interaction, posing a serious risk to the confidentiality, integrity, and availability of the system. At the time of the advisory's release, there were no reports of public exploitation of this issue.",Siemens,Spectrum Powerâ„¢ 4,9.8,CRITICAL,0.002850000048056245,false,,false,false,false,,,false,false,,2019-04-17T13:40:24.000Z,0