Siemens Spectrum Power 7
The Cybersecurity & Infrastructure Security Agency (CISA) has issued an advisory regarding a vulnerability in Siemens' Spectrum Power 7. The vulnerability, identified as CVE-2023-38557, stems from incorrect permission assignment for a critical resource. This could allow a local attacker to inject arbitrary code into the update script and escalate privileges. The vulnerability has a CVSS v3 base score of 8.2, indicating a high level of severity. It is not exploitable remotely, and no known public exploitation specifically targeting this vulnerability has been reported at this time.

Affected products include all versions of Spectrum Power 7 prior to V23Q3. Siemens has released an update for Spectrum Power 7 (V23Q3) and recommends that users update to the latest version. For any versions prior to V23Q3, users are advised to contact Siemens customer support.

CISA recommends that users take defensive measures to minimize the risk of exploitation of this vulnerability, including performing proper impact analysis and risk assessment prior to deploying defensive measures.

CVEs: CVE-2023-38557 [View Article](https://www.cisa.gov/news-events/ics-advisories/icsa-23-264-02)
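A defender-side check for the weakness class described above (a privileged update script that less-privileged local users can modify), as an added example that is not from the advisory or from Siemens. It assumes a POSIX host; the function name, the `trusted_uids` and `stop_at` parameters, and the `update.sh` path in the demo are hypothetical, since the advisory does not name the script or its location.

```python
import os
import stat
import tempfile


def audit_privileged_script(path, trusted_uids=(0,), stop_at=None):
    """Check a script run with elevated privileges, and each directory above
    it, for ownership or write bits that let other local users alter it.
    Returns a list of (path, reason) findings; an empty list means clean."""
    findings = []
    current = os.path.realpath(path)
    stop = os.path.realpath(stop_at) if stop_at else None
    while True:
        st = os.stat(current)
        mode = stat.S_IMODE(st.st_mode)
        # In a sticky directory (like /tmp) other users cannot rename or
        # delete entries they do not own, so its write bits are not a finding.
        sticky_dir = stat.S_ISDIR(st.st_mode) and bool(mode & stat.S_ISVTX)
        if st.st_uid not in trusted_uids:
            findings.append((current, "owner uid %d is not trusted" % st.st_uid))
        if mode & stat.S_IWOTH and not sticky_dir:
            findings.append((current, "world-writable"))
        if mode & stat.S_IWGRP and not sticky_dir:
            findings.append((current, "group-writable (gid %d)" % st.st_gid))
        parent = os.path.dirname(current)
        if current == stop or parent == current:
            break
        current = parent  # a writable parent allows swapping the file itself
    return findings


if __name__ == "__main__":
    # Constructed demo tree; "update.sh" is a placeholder name, not the
    # product's actual update script.
    demo_dir = tempfile.mkdtemp()
    script = os.path.join(demo_dir, "update.sh")
    with open(script, "w") as fh:
        fh.write("#!/bin/sh\necho updating\n")
    os.chmod(script, 0o775)  # weak: any member of the file's group can edit it
    for item, reason in audit_privileged_script(
            script, trusted_uids=(os.getuid(),), stop_at=demo_dir):
        print("FINDING", item, reason)
```

On a real host, leave `stop_at` unset so the walk continues to the filesystem root, and set `trusted_uids` to the accounts that are meant to own the update tooling.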