CVE-2024-32014 MEDIUM

CVE-2024-32014

Vendor Siemens
Product Spectrum Power 4
Weakness CWE-732
Published November 11, 2025
Last update November 12, 2025

CVSS base score

4.7/10
Attack vector Local
Attack complexity High
Privileges required None
User interaction Required
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application is vulnerable to alter the local database which contains the application credentials. This allows an attacker to gain administrative application privileges.

Key dates

02Disclosure timeline

November 11, 2025 CVE published
November 12, 2025 Record updated