PT-2022-17889 · Siemens · Shared HIS
Published: 2022-06-14 · Updated: 2022-06-22
CVE-2022-26476
CVSS v2.0: 5.4 (Medium)
Vector: AV:A/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Spectrum Power 4 versions using Shared HIS
Spectrum Power 7 versions using Shared HIS
Spectrum Power MGMS versions using Shared HIS
Description
A vulnerability has been identified that allows an unauthenticated attacker to log into the Shared HIS component used in Spectrum Power systems by using an account with default credentials. Successful exploitation could allow the attacker to access the Shared HIS component with administrative privileges.
Recommendations
For Spectrum Power 4 versions using Shared HIS, change the default credentials of the Shared HIS account to prevent unauthorized access.
For Spectrum Power 7 versions using Shared HIS, change the default credentials of the Shared HIS account to prevent unauthorized access.
For Spectrum Power MGMS versions using Shared HIS, change the default credentials of the Shared HIS account to prevent unauthorized access.
Fix
Using Hardcoded Credentials
Weakness Enumeration
Related Identifiers
Affected Products
Shared HIS
Spectrum Power 4
Spectrum Power 7
Spectrum Power MGMS