You are here

Siemens Spectrum Power (ICSA-20-252-04) – Products Used in the Energy Sector

Siemens Spectrum Power (ICSA-20-252-04) – Products Used in the Energy Sector

Created: Wednesday, September 9, 2020 - 11:17
Categories:
Cybersecurity

CISA has published an advisory on cleartext storage of sensitive information and exposure of information through directory listing vulnerabilities in Siemens Spectrum Power. All versions prior to  v4.70 SP8 are affected. Successful exploitation of these vulnerabilities could allow an unauthorized attacker to retrieve a list of software users, or in certain cases to list the contents of a directory. Siemens has released updates and configuration recommendations for Spectrum Power 4 to mitigate the issues. CISA also recommends a series of measures to mitigate the vulnerabilities. Read the advisory at CISA.