Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application is vulnerable to extraction of database credentials via a world-readable credential file. This allows an attacker to connect to the database as privileged application user and to run system commands via the database.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
关键资源的不正确权限授予
Vulnerability Title
Siemens Spectrum Power 安全漏洞
Vulnerability Description
Siemens Spectrum Power是德国西门子(Siemens)公司的一套能源管理系统。 Siemens Spectrum Power 4 V4.70 SP12 Update 2之前版本存在安全漏洞,该漏洞源于凭证文件可被全局读取,可能导致攻击者以特权用户身份连接数据库并执行系统命令。
CVSS Information
N/A
Vulnerability Type
N/A