CVE-2024-32011 HIGH

CVE-2024-32011

Vendor Siemens
Product Spectrum Power 4
Weakness CWE-829 · Inclusion from untrusted sphere
Published November 11, 2025
Last update November 12, 2025

CVSS base score

8.8/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application is vulnerable to run arbitrary commands via the user interface. This user interface can be used via the network and allows the execution of commands as administrative application user.

Key dates

02Disclosure timeline

November 11, 2025 CVE published
November 12, 2025 Record updated