CVE-2022-26476
moderate-risk
Published 2022-06-14
A vulnerability has been identified in Spectrum Power 4 (All versions using Shared HIS), Spectrum Power 7 (All versions using Shared HIS), Spectrum Power MGMS (All versions using Shared HIS). An unauthenticated attacker could log into the component Shared HIS used in Spectrum Power systems by using an account with default credentials. A successful exploitation could allow the attacker to access the component Shared HIS with administrative privileges.
Do I need to act?
-
0.13% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10
High
ADJACENT_NETWORK
/ LOW complexity
Affected Products (3)
Affected Vendors
References (2)
Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-388239.pdf
Vendor Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-388239.pdf
37
/ 100
moderate-risk
Severity
27/34 · High
Exploitability
1/34 · Minimal
Exposure
9/34 · Low