PT-2024-13173 · Siemens · Spectrum Power 7

Published: 2024-01-09 · Updated: 2024-01-16 · CVE-2023-44120

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Spectrum Power 7 versions prior to V23Q4

Description

A vulnerability has been identified in the sudo configuration of the affected product, allowing the local administrative account to execute several entries as the root user. This could enable an authenticated local attacker to inject arbitrary code and gain root access.

Recommendations

For versions prior to V23Q4, update to version V23Q4 or later to resolve the issue. As a temporary workaround, consider restricting the sudo configuration to prevent the local administrative account from executing entries as the root user.

Fix

Incorrect Permission

Weakness Enumeration

Related Identifiers

CVE-2023-44120

Affected Products

Spectrum Power 7