{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2024-32011","assignerOrgId":"cec7a2ec-15b4-4faf-bd53-b40f371f3a77","state":"PUBLISHED","assignerShortName":"siemens","dateReserved":"2024-04-08T15:37:27.223Z","datePublished":"2025-11-11T20:20:18.134Z","dateUpdated":"2025-11-12T21:09:08.910Z"},"containers":{"cna":{"providerMetadata":{"orgId":"cec7a2ec-15b4-4faf-bd53-b40f371f3a77","shortName":"siemens","dateUpdated":"2025-11-11T20:20:18.134Z"},"descriptions":[{"lang":"en","value":"A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application is vulnerable to run arbitrary commands via the user interface. This user interface can be used via the network and allows the execution of commands as administrative application user."}],"affected":[{"vendor":"Siemens","product":"Spectrum Power 4","versions":[{"status":"affected","version":"0","lessThan":"V4.70 SP12 Update 2","versionType":"custom"}],"defaultStatus":"unknown"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH"}},{"cvssV4_0":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N","baseScore":8.7,"baseSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-829","description":"CWE-829: Inclusion of Functionality from Untrusted Control Sphere","type":"CWE"}]}],"references":[{"url":"https://cert-portal.siemens.com/productcert/html/ssa-339694.html"}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-11-12T21:07:33.051023Z","id":"CVE-2024-32011","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-11-12T21:09:08.910Z"}}]}}