CVE-2022-26476

CVE-2022-26476

Vendor Siemens
Product Spectrum Power 4
Weakness CWE-798 · Hardcoded credentials
Published June 14, 2022
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

A vulnerability has been identified in Spectrum Power 4 (All versions using Shared HIS), Spectrum Power 7 (All versions using Shared HIS), Spectrum Power MGMS (All versions using Shared HIS). An unauthenticated attacker could log into the component Shared HIS used in Spectrum Power systems by using an account with default credentials. A successful exploitation could allow the attacker to access the component Shared HIS with administrative privileges.

Key dates

02Disclosure timeline

June 14, 2022 CVE published
August 3, 2024 Record updated