PT-2025-46535 · Schneider Electric · Spectrum Power
Published
2025-11-11
·
Updated
2025-11-12
·
CVE-2024-32010
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Spectrum Power versions prior to 4.70 SP12 Update 2
Description
The application is susceptible to the exposure of database credentials through a world-readable credential file. Successful exploitation allows an attacker to connect to the database with elevated privileges as an application user and execute system commands via the database.
Recommendations
Update to version 4.70 SP12 Update 2 or later.
Fix
Incorrect Permission
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Spectrum Power