Search
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-23312 | 1 Siemens | 1 Spectrum Power 4 | 2022-02-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP9 Security Patch 1). The integrated web application "Online Help" in affected product contains a Cross-Site Scripting (XSS) vulnerability that could be exploited if unsuspecting users are tricked into accessing a malicious link. | |||||
| CVE-2020-15790 | 1 Siemens | 1 Spectrum Power 4 | 2020-09-14 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP8). If configured in an insecure manner, the web server might be susceptible to a directory listing attack. | |||||
| CVE-2020-15784 | 1 Siemens | 1 Spectrum Power 4 | 2020-09-14 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP8). Insecure storage of sensitive information in the configuration files could allow the retrieval of user names. | |||||
| CVE-2019-10933 | 1 Siemens | 4 Spectrum Power 3, Spectrum Power 4, Spectrum Power 5 and 1 more | 2019-08-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability has been identified in Spectrum Power 3 (Corporate User Interface) (All versions <= v3.11), Spectrum Power 4 (Corporate User Interface) (Version v4.75), Spectrum Power 5 (Corporate User Interface) (All versions < v5.50), Spectrum Power 7 (Corporate User Interface) (All versions <= v2.20). The web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link. User interaction is required for a successful exploitation. The user does not need to be logged into the web interface in order for the exploitation to succeed.At the stage of publishing this security advisory no public exploitation is known. | |||||