{"id":13302,"date":"2026-01-30T15:10:38","date_gmt":"2026-01-30T14:10:38","guid":{"rendered":"https:\/\/limessecurity.ninja\/siemens-spectrum-power-4-critical-vulnerabilities-discovered-in-scada-and-energy-management-system\/"},"modified":"2026-03-03T13:32:16","modified_gmt":"2026-03-03T12:32:16","slug":"siemens-spectrum-power-4-critical-vulnerabilities-discovered-in-scada-and-energy-management-system","status":"publish","type":"post","link":"https:\/\/limessecurity.com\/en\/siemens-spectrum-power-4-critical-vulnerabilities-discovered-in-scada-and-energy-management-system\/","title":{"rendered":"Siemens Spectrum Power 4 \u2013 critical Vulnerabilities discovered in SCADA- and Energy Management System"},"content":{"rendered":"[vc_row type=”in_container” full_screen_row_position=”middle” column_margin=”default” column_direction=”default” column_direction_tablet=”default” column_direction_phone=”default” scene_position=”center” text_color=”dark” text_align=”left” row_border_radius=”none” row_border_radius_applies=”bg” row_position_desktop=”default” row_position_tablet=”inherit” row_position_phone=”inherit” overflow=”visible” overlay_strength=”0.3″ gradient_direction=”left_to_right” shape_divider_position=”bottom” bg_image_animation=”none”][vc_column column_padding=”no-extra-padding” column_padding_tablet=”inherit” column_padding_phone=”inherit” column_padding_position=”all” flex_gap_desktop=”10px” column_element_direction_desktop=”default” column_element_spacing=”default” desktop_text_alignment=”default” tablet_text_alignment=”default” phone_text_alignment=”default” background_color_opacity=”1″ background_hover_color_opacity=”1″ column_backdrop_filter=”none” column_shadow=”none” column_border_radius=”none” column_link_target=”_self” column_position=”default” gradient_direction=”left_to_right” overlay_strength=”0.3″ width=”1\/1″ tablet_width_inherit=”default” animation_type=”default” bg_image_animation=”none” border_type=”simple” column_border_width=”none” column_border_style=”solid”][vc_column_text css=”” text_direction=”default”]During a security assessment for a customer, we discovered five vulnerabilities in Siemens Spectrum Power 4 \u2013 a widely deployed SCADA and Energy Management System used by transmission and distribution system operators worldwide. The vulnerabilities enable both local privilege escalation and remote code execution as an application administrator. <\/p>\n

First: Siemens has meanwhile released V4.70 SP12 Update 2 addressing all issues. Operators running affected versions should apply the update following Siemens\u2019 guidance.<\/p>\n[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=”in_container” full_screen_row_position=”middle” column_margin=”default” column_direction=”default” column_direction_tablet=”default” column_direction_phone=”default” scene_position=”center” top_padding=”1%” bottom_padding=”1%” text_color=”dark” text_align=”left” row_border_radius=”none” row_border_radius_applies=”bg” row_position_desktop=”default” row_position_tablet=”inherit” row_position_phone=”inherit” overflow=”visible” overlay_strength=”0.3″ gradient_direction=”left_to_right” shape_divider_position=”bottom” bg_image_animation=”none” gradient_type=”default” shape_type=””][vc_column column_padding=”no-extra-padding” column_padding_tablet=”inherit” column_padding_phone=”inherit” column_padding_position=”all” flex_gap_desktop=”10px” column_element_direction_desktop=”default” column_element_spacing=”default” desktop_text_alignment=”default” tablet_text_alignment=”default” phone_text_alignment=”default” background_color_opacity=”1″ background_hover_color_opacity=”1″ column_backdrop_filter=”none” column_shadow=”none” column_border_radius=”none” column_link_target=”_self” column_position=”default” gradient_direction=”left_to_right” overlay_strength=”0.3″ width=”1\/1″ tablet_width_inherit=”default” animation_type=”default” bg_image_animation=”none” border_type=”simple” column_border_width=”none” column_border_style=”solid”][vc_column_text css=”” text_direction=”default”]\n

Discovered Vulnerabilities<\/h2>\n[\/vc_column_text][divider line_type=”No Line”][vc_row_inner equal_height=”yes” content_placement=”top” column_margin=”default” column_direction=”default” column_direction_tablet=”default” column_direction_phone=”default” text_align=”center” row_position=”default” row_position_tablet=”inherit” row_position_phone=”inherit” overflow=”visible” pointer_events=”all”][vc_column_inner column_padding=”no-extra-padding” column_padding_tablet=”inherit” column_padding_phone=”inherit” column_padding_position=”all” top_margin=”0″ constrain_group_1=”yes” bottom_margin=”0″ left_margin=”0″ constrain_group_2=”yes” right_margin=”0″ flex_gap_desktop=”10px” column_element_direction_desktop=”default” column_element_spacing=”default” desktop_text_alignment=”default” tablet_text_alignment=”default” phone_text_alignment=”default” background_color_opacity=”1″ background_hover_color_opacity=”1″ column_backdrop_filter=”none” column_shadow=”none” column_border_radius=”none” column_link_target=”_self” overflow=”visible” gradient_direction=”left_to_right” overlay_strength=”0.3″ width=”1\/3″ tablet_width_inherit=”default” animation_type=”default” bg_image_animation=”none” border_type=”simple” column_border_width=”none” column_border_style=”solid” column_padding_type=”default” gradient_type=”default”][vc_pie value=”87″ label_value=”8.7″ color=”#9e1510″ css=”.vc_custom_1769763535769{background-position: center !important;background-repeat: no-repeat !important;background-size: cover !important;}” el_id=”orangePieChart” title=”CVSS v4.0 Score” units=”\/high”][\/vc_column_inner][vc_column_inner column_padding=”no-extra-padding” column_padding_tablet=”inherit” column_padding_phone=”inherit” column_padding_position=”all” flex_gap_desktop=”10px” column_element_direction_desktop=”default” column_element_spacing=”default” centered_text=”true” desktop_text_alignment=”left” tablet_text_alignment=”default” phone_text_alignment=”default” background_color_opacity=”1″ background_hover_color_opacity=”1″ column_backdrop_filter=”none” column_shadow=”none” column_border_radius=”none” column_link_target=”_self” overflow=”visible” gradient_direction=”left_to_right” overlay_strength=”0.3″ width=”2\/3″ tablet_width_inherit=”default” animation_type=”default” bg_image_animation=”none” border_type=”simple” column_border_width=”none” column_border_style=”solid” column_padding_type=”default” gradient_type=”default”][nectar_icon_list color=”default” direction=”vertical” icon_size=”small” icon_style=”border”][nectar_icon_list_item icon_type=”icon” text_full_html=”simple” title=”List Item” id=”1769782441296-9″ icon_fontawesome=”fa fa-thumb-tack” header=”Product:” text=”Siemens Spectrum Power 4″ tab_id=”1769782441296-10″][\/nectar_icon_list_item][nectar_icon_list_item icon_type=”icon” text_full_html=”simple” title=”List Item” id=”1769782441311-7″ icon_fontawesome=”fa fa-thumb-tack” header=”Affected versions:” text=”Version 4.70 SP12 Update 2″ tab_id=”1769782441312-9″][\/nectar_icon_list_item][nectar_icon_list_item icon_type=”icon” text_full_html=”html” title=”List Item” id=”1769782441317-5″ icon_fontawesome=”fa fa-thumb-tack” header=”CVE \/ Vendor ID:” tab_id=”1769782441317-9″]\n

CVE-2024-32011<\/a><\/p>\n[\/nectar_icon_list_item][nectar_icon_list_item icon_type=”icon” text_full_html=”simple” title=”List Item” id=”1769782441332-10″ icon_fontawesome=”fa fa-thumb-tack” header=”Found by:” text=”Felix Eberstaller and Sixtus Leonhardsberger, Limes Security GmbH” tab_id=”1769782441333-0″][\/nectar_icon_list_item][\/nectar_icon_list][\/vc_column_inner][\/vc_row_inner][nectar_btn size=”small” button_style=”regular” button_color_2=”Accent-Color” icon_family=”none” text=”CVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:L\/UI:N\/VC:H\/VI:H\/VA:H\/SC:N\/SI:N\/SA:N” url=”https:\/\/www.first.org\/cvss\/calculator\/4-0#CVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:L\/UI:N\/VC:H\/VI:H\/VA:H\/SC:N\/SI:N\/SA:N”][vc_column_text css=”” text_direction=”default”]Remote command execution via network\u2013accessible UI[\/vc_column_text][divider line_type=”Small Line” line_alignment=”center” line_thickness=”1″ divider_color=”default”][\/vc_column][\/vc_row][vc_row type=”in_container” full_screen_row_position=”middle” column_margin=”default” column_direction=”default” column_direction_tablet=”default” column_direction_phone=”default” scene_position=”center” top_padding=”1%” bottom_padding=”1%” text_color=”dark” text_align=”left” row_border_radius=”none” row_border_radius_applies=”bg” row_position_desktop=”default” row_position_tablet=”inherit” row_position_phone=”inherit” overflow=”visible” overlay_strength=”0.3″ gradient_direction=”left_to_right” shape_divider_position=”bottom” bg_image_animation=”none” gradient_type=”default” shape_type=””][vc_column column_padding=”no-extra-padding” column_padding_tablet=”inherit” column_padding_phone=”inherit” column_padding_position=”all” flex_gap_desktop=”10px” column_element_direction_desktop=”default” column_element_spacing=”default” desktop_text_alignment=”default” tablet_text_alignment=”default” phone_text_alignment=”default” background_color_opacity=”1″ background_hover_color_opacity=”1″ column_backdrop_filter=”none” column_shadow=”none” column_border_radius=”none” column_link_target=”_self” column_position=”default” gradient_direction=”left_to_right” overlay_strength=”0.3″ width=”1\/2″ tablet_width_inherit=”default” animation_type=”default” bg_image_animation=”none” border_type=”simple” column_border_width=”none” column_border_style=”solid”][vc_row_inner equal_height=”yes” content_placement=”top” column_margin=”default” column_direction=”default” column_direction_tablet=”default” column_direction_phone=”default” text_align=”center” row_position=”default” row_position_tablet=”inherit” row_position_phone=”inherit” overflow=”visible” pointer_events=”all”][vc_column_inner column_padding=”no-extra-padding” column_padding_tablet=”inherit” column_padding_phone=”inherit” column_padding_position=”all” top_margin=”0″ constrain_group_1=”yes” bottom_margin=”0″ left_margin=”0″ constrain_group_2=”yes” right_margin=”0″ flex_gap_desktop=”10px” column_element_direction_desktop=”default” column_element_spacing=”default” desktop_text_alignment=”default” tablet_text_alignment=”default” phone_text_alignment=”default” background_color_opacity=”1″ background_hover_color_opacity=”1″ column_backdrop_filter=”none” column_shadow=”none” column_border_radius=”none” column_link_target=”_self” overflow=”visible” gradient_direction=”left_to_right” overlay_strength=”0.3″ width=”1\/3″ tablet_width_inherit=”default” animation_type=”default” bg_image_animation=”none” border_type=”simple” column_border_width=”none” column_border_style=”solid” column_padding_type=”default” gradient_type=”default”][vc_pie value=”85″ label_value=”8.5″ color=”#9e1510″ css=”.vc_custom_1769763561805{background-position: center !important;background-repeat: no-repeat !important;background-size: cover !important;}” title=”CVSS v4.0 Score”][\/vc_column_inner][vc_column_inner column_padding=”no-extra-padding” column_padding_tablet=”inherit” column_padding_phone=”inherit” column_padding_position=”all” flex_gap_desktop=”10px” column_element_direction_desktop=”default” column_element_spacing=”default” centered_text=”true” desktop_text_alignment=”left” tablet_text_alignment=”default” phone_text_alignment=”default” background_color_opacity=”1″ background_hover_color_opacity=”1″ column_backdrop_filter=”none” column_shadow=”none” column_border_radius=”none” column_link_target=”_self” overflow=”visible” gradient_direction=”left_to_right” overlay_strength=”0.3″ width=”2\/3″ tablet_width_inherit=”default” animation_type=”default” bg_image_animation=”none” border_type=”simple” column_border_width=”none” column_border_style=”solid” column_padding_type=”default” gradient_type=”default”][nectar_icon_list color=”default” direction=”vertical” icon_size=”small” icon_style=”border”][nectar_icon_list_item icon_type=”icon” text_full_html=”html” title=”List Item” id=”1769782441513-7″ icon_fontawesome=”fa fa-thumb-tack” header=”CVE \/ Vendor ID:” tab_id=”1769782441514-4″]\n

CVE-2024-32008<\/a><\/p>\n[\/nectar_icon_list_item][\/nectar_icon_list][\/vc_column_inner][\/vc_row_inner][vc_column_text css=”” text_direction=”default”]\n

Local privilege escalation via debug interface<\/p>\n[\/vc_column_text][divider line_type=”No Line” custom_height=”10 px”][\/vc_column][vc_column column_padding=”no-extra-padding” column_padding_tablet=”inherit” column_padding_phone=”inherit” column_padding_position=”all” flex_gap_desktop=”10px” column_element_direction_desktop=”default” column_element_spacing=”default” desktop_text_alignment=”default” tablet_text_alignment=”default” phone_text_alignment=”default” background_color_opacity=”1″ background_hover_color_opacity=”1″ column_backdrop_filter=”none” column_shadow=”none” column_border_radius=”none” column_link_target=”_self” column_position=”default” gradient_direction=”left_to_right” overlay_strength=”0.3″ width=”1\/2″ tablet_width_inherit=”default” animation_type=”default” bg_image_animation=”none” border_type=”simple” column_border_width=”none” column_border_style=”solid”][vc_row_inner equal_height=”yes” content_placement=”top” column_margin=”default” column_direction=”default” column_direction_tablet=”default” column_direction_phone=”default” text_align=”center” row_position=”default” row_position_tablet=”inherit” row_position_phone=”inherit” overflow=”visible” pointer_events=”all”][vc_column_inner column_padding=”no-extra-padding” column_padding_tablet=”inherit” column_padding_phone=”inherit” column_padding_position=”all” top_margin=”0″ constrain_group_1=”yes” bottom_margin=”0″ left_margin=”0″ constrain_group_2=”yes” right_margin=”0″ flex_gap_desktop=”10px” column_element_direction_desktop=”default” column_element_spacing=”default” desktop_text_alignment=”default” tablet_text_alignment=”default” phone_text_alignment=”default” background_color_opacity=”1″ background_hover_color_opacity=”1″ column_backdrop_filter=”none” column_shadow=”none” column_border_radius=”none” column_link_target=”_self” overflow=”visible” gradient_direction=”left_to_right” overlay_strength=”0.3″ width=”1\/3″ tablet_width_inherit=”default” animation_type=”default” bg_image_animation=”none” border_type=”simple” column_border_width=”none” column_border_style=”solid” column_padding_type=”default” gradient_type=”default”][vc_pie value=”85″ label_value=”8.5″ color=”#9e1510″ css=”.vc_custom_1769763571760{background-position: center !important;background-repeat: no-repeat !important;background-size: cover !important;}” title=”CVSS v4.0 Score”][\/vc_column_inner][vc_column_inner column_padding=”no-extra-padding” column_padding_tablet=”inherit” column_padding_phone=”inherit” column_padding_position=”all” flex_gap_desktop=”10px” column_element_direction_desktop=”default” column_element_spacing=”default” centered_text=”true” desktop_text_alignment=”left” tablet_text_alignment=”default” phone_text_alignment=”default” background_color_opacity=”1″ background_hover_color_opacity=”1″ column_backdrop_filter=”none” column_shadow=”none” column_border_radius=”none” column_link_target=”_self” overflow=”visible” gradient_direction=”left_to_right” overlay_strength=”0.3″ width=”2\/3″ tablet_width_inherit=”default” animation_type=”default” bg_image_animation=”none” border_type=”simple” column_border_width=”none” column_border_style=”solid” column_padding_type=”default” gradient_type=”default”][nectar_icon_list color=”default” direction=”vertical” icon_size=”small” icon_style=”border”][nectar_icon_list_item icon_type=”icon” text_full_html=”html” title=”List Item” id=”1769782441651-0″ icon_fontawesome=”fa fa-thumb-tack” header=”CVE \/ Vendor ID:” tab_id=”1769782441652-5″]\n

CVE-2024-32009<\/a><\/p>\n[\/nectar_icon_list_item][\/nectar_icon_list][\/vc_column_inner][\/vc_row_inner][vc_column_text css=”” text_direction=”default”]\n

Local privilege escalation via binary misconfiguration<\/p>\n[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=”in_container” full_screen_row_position=”middle” column_margin=”default” column_direction=”default” column_direction_tablet=”default” column_direction_phone=”default” scene_position=”center” top_padding=”1%” bottom_padding=”1%” text_color=”dark” text_align=”left” row_border_radius=”none” row_border_radius_applies=”bg” row_position_desktop=”default” row_position_tablet=”inherit” row_position_phone=”inherit” overflow=”visible” overlay_strength=”0.3″ gradient_direction=”left_to_right” shape_divider_position=”bottom” bg_image_animation=”none” gradient_type=”default” shape_type=””][vc_column column_padding=”no-extra-padding” column_padding_tablet=”inherit” column_padding_phone=”inherit” column_padding_position=”all” flex_gap_desktop=”10px” column_element_direction_desktop=”default” column_element_spacing=”default” desktop_text_alignment=”default” tablet_text_alignment=”default” phone_text_alignment=”default” background_color_opacity=”1″ background_hover_color_opacity=”1″ column_backdrop_filter=”none” column_shadow=”none” column_border_radius=”none” column_link_target=”_self” column_position=”default” gradient_direction=”left_to_right” overlay_strength=”0.3″ width=”1\/2″ tablet_width_inherit=”default” animation_type=”default” bg_image_animation=”none” border_type=”simple” column_border_width=”none” column_border_style=”solid”][vc_row_inner equal_height=”yes” content_placement=”top” column_margin=”default” column_direction=”default” column_direction_tablet=”default” column_direction_phone=”default” text_align=”center” row_position=”default” row_position_tablet=”inherit” row_position_phone=”inherit” overflow=”visible” pointer_events=”all”][vc_column_inner column_padding=”no-extra-padding” column_padding_tablet=”inherit” column_padding_phone=”inherit” column_padding_position=”all” top_margin=”0″ constrain_group_1=”yes” bottom_margin=”0″ left_margin=”0″ constrain_group_2=”yes” right_margin=”0″ flex_gap_desktop=”10px” column_element_direction_desktop=”default” column_element_spacing=”default” desktop_text_alignment=”default” tablet_text_alignment=”default” phone_text_alignment=”default” background_color_opacity=”1″ background_hover_color_opacity=”1″ column_backdrop_filter=”none” column_shadow=”none” column_border_radius=”none” column_link_target=”_self” overflow=”visible” gradient_direction=”left_to_right” overlay_strength=”0.3″ width=”1\/3″ tablet_width_inherit=”default” animation_type=”default” bg_image_animation=”none” border_type=”simple” column_border_width=”none” column_border_style=”solid” column_padding_type=”default” gradient_type=”default”][vc_pie value=”85″ label_value=”8.5″ color=”#9e1510″ css=”.vc_custom_1769763583261{background-position: center !important;background-repeat: no-repeat !important;background-size: cover !important;}” title=”CVSS v4.0 Score”][\/vc_column_inner][vc_column_inner column_padding=”no-extra-padding” column_padding_tablet=”inherit” column_padding_phone=”inherit” column_padding_position=”all” flex_gap_desktop=”10px” column_element_direction_desktop=”default” column_element_spacing=”default” centered_text=”true” desktop_text_alignment=”left” tablet_text_alignment=”default” phone_text_alignment=”default” background_color_opacity=”1″ background_hover_color_opacity=”1″ column_backdrop_filter=”none” column_shadow=”none” column_border_radius=”none” column_link_target=”_self” overflow=”visible” gradient_direction=”left_to_right” overlay_strength=”0.3″ width=”2\/3″ tablet_width_inherit=”default” animation_type=”default” bg_image_animation=”none” border_type=”simple” column_border_width=”none” column_border_style=”solid” column_padding_type=”default” gradient_type=”default”][nectar_icon_list color=”default” direction=”vertical” icon_size=”small” icon_style=”border”][nectar_icon_list_item icon_type=”icon” text_full_html=”html” title=”List Item” id=”1769782441819-7″ icon_fontawesome=”fa fa-thumb-tack” header=”CVE \/ Vendor ID:” tab_id=”1769782441820-4″]\n

CVE-2024-32010<\/a><\/p>\n[\/nectar_icon_list_item][\/nectar_icon_list][\/vc_column_inner][\/vc_row_inner][vc_column_text css=”” text_direction=”default”]\n

Credential extraction from world\u2013readable file<\/p>\n[\/vc_column_text][\/vc_column][vc_column column_padding=”no-extra-padding” column_padding_tablet=”inherit” column_padding_phone=”inherit” column_padding_position=”all” flex_gap_desktop=”10px” column_element_direction_desktop=”default” column_element_spacing=”default” desktop_text_alignment=”default” tablet_text_alignment=”default” phone_text_alignment=”default” background_color_opacity=”1″ background_hover_color_opacity=”1″ column_backdrop_filter=”none” column_shadow=”none” column_border_radius=”none” column_link_target=”_self” column_position=”default” gradient_direction=”left_to_right” overlay_strength=”0.3″ width=”1\/2″ tablet_width_inherit=”default” animation_type=”default” bg_image_animation=”none” border_type=”simple” column_border_width=”none” column_border_style=”solid”][vc_row_inner equal_height=”yes” content_placement=”top” column_margin=”default” column_direction=”default” column_direction_tablet=”default” column_direction_phone=”default” text_align=”center” row_position=”default” row_position_tablet=”inherit” row_position_phone=”inherit” overflow=”visible” pointer_events=”all”][vc_column_inner column_padding=”no-extra-padding” column_padding_tablet=”inherit” column_padding_phone=”inherit” column_padding_position=”all” top_margin=”0″ constrain_group_1=”yes” bottom_margin=”0″ left_margin=”0″ constrain_group_2=”yes” right_margin=”0″ flex_gap_desktop=”10px” column_element_direction_desktop=”default” column_element_spacing=”default” desktop_text_alignment=”default” tablet_text_alignment=”default” phone_text_alignment=”default” background_color_opacity=”1″ background_hover_color_opacity=”1″ column_backdrop_filter=”none” column_shadow=”none” column_border_radius=”none” column_link_target=”_self” overflow=”visible” gradient_direction=”left_to_right” overlay_strength=”0.3″ width=”1\/3″ tablet_width_inherit=”default” animation_type=”default” bg_image_animation=”none” border_type=”simple” column_border_width=”none” column_border_style=”solid” column_padding_type=”default” gradient_type=”default”][vc_pie value=”56″ label_value=”5.6″ color=”#9e1510″ css=”.vc_custom_1769763593897{background-position: center !important;background-repeat: no-repeat !important;background-size: cover !important;}” title=”CVSS v4.0 Score”][\/vc_column_inner][vc_column_inner column_padding=”no-extra-padding” column_padding_tablet=”inherit” column_padding_phone=”inherit” column_padding_position=”all” flex_gap_desktop=”10px” column_element_direction_desktop=”default” column_element_spacing=”default” centered_text=”true” desktop_text_alignment=”left” tablet_text_alignment=”default” phone_text_alignment=”default” background_color_opacity=”1″ background_hover_color_opacity=”1″ column_backdrop_filter=”none” column_shadow=”none” column_border_radius=”none” column_link_target=”_self” overflow=”visible” gradient_direction=”left_to_right” overlay_strength=”0.3″ width=”2\/3″ tablet_width_inherit=”default” animation_type=”default” bg_image_animation=”none” border_type=”simple” column_border_width=”none” column_border_style=”solid” column_padding_type=”default” gradient_type=”default”][nectar_icon_list color=”default” direction=”vertical” icon_size=”small” icon_style=”border”][nectar_icon_list_item icon_type=”icon” text_full_html=”html” title=”List Item” id=”1769782441967-0″ icon_fontawesome=”fa fa-thumb-tack” header=”CVE \/ Vendor ID:” tab_id=”1769782441967-3″]\n

CVE-2024-32014<\/a><\/p>\n[\/nectar_icon_list_item][\/nectar_icon_list][\/vc_column_inner][\/vc_row_inner][vc_column_text css=”” text_direction=”default”]\n

Local database manipulation<\/p>\n[\/vc_column_text][\/vc_column][\/vc_row][vc_row type=”in_container” full_screen_row_position=”middle” column_margin=”default” column_direction=”default” column_direction_tablet=”default” column_direction_phone=”default” scene_position=”center” text_color=”dark” text_align=”left” row_border_radius=”none” row_border_radius_applies=”bg” row_position_desktop=”default” row_position_tablet=”inherit” row_position_phone=”inherit” overflow=”visible” overlay_strength=”0.3″ gradient_direction=”left_to_right” shape_divider_position=”bottom” bg_image_animation=”none”][vc_column column_padding=”no-extra-padding” column_padding_tablet=”inherit” column_padding_phone=”inherit” column_padding_position=”all” flex_gap_desktop=”10px” column_element_direction_desktop=”default” column_element_spacing=”default” desktop_text_alignment=”default” tablet_text_alignment=”default” phone_text_alignment=”default” background_color_opacity=”1″ background_hover_color_opacity=”1″ column_backdrop_filter=”none” column_shadow=”none” column_border_radius=”none” column_link_target=”_self” column_position=”default” gradient_direction=”left_to_right” overlay_strength=”0.3″ width=”1\/1″ tablet_width_inherit=”default” animation_type=”default” bg_image_animation=”none” border_type=”simple” column_border_width=”none” column_border_style=”solid”][divider line_type=”No Line” custom_height=”20px”][vc_column_text css=”” text_direction=”default”]We are withholding detailed exploitation steps as many operators are still in the process of applying mitigations. However, we can share the general attack pattern for CVE\u20132024\u201332011. <\/p>\n

Attack Pattern: Kiosk Escape with a Twist<\/h2>\n

Spectrum Power 4 provides users with a SCADA client to interact with grid management applications on the server. Like other SCADA systems, it uses X11 for graphical rendering\u2013but critically, these sessions render server\u2013side rather than on the client. <\/p>\n

From the SCADA user interface, operators can launch various helper applications such as PDF viewers or editors. Some of these applications provide functionality to browse the local filesystem or spawn external programs. An attacker abusing this can escape the intended application boundary \u2013 for instance, opening a file browser dialog, navigating to a terminal emulator, or leveraging an application like gvim \u2013 to execute shell commands.[\/vc_column_text][\/vc_column][vc_column column_padding=”no-extra-padding” column_padding_tablet=”inherit” column_padding_phone=”inherit” column_padding_position=”all” top_margin=”7%” bottom_margin=”7%” flex_gap_desktop=”10px” column_element_direction_desktop=”default” column_element_spacing=”default” desktop_text_alignment=”default” tablet_text_alignment=”default” phone_text_alignment=”default” background_color_opacity=”1″ background_hover_color_opacity=”1″ column_backdrop_filter=”none” column_shadow=”none” column_border_radius=”none” column_link_target=”_self” column_position=”default” gradient_direction=”left_to_right” overlay_strength=”0.3″ width=”1\/1″ tablet_width_inherit=”default” animation_type=”default” bg_image_animation=”none” border_type=”simple” column_border_width=”none” column_border_style=”solid” column_padding_type=”default” gradient_type=”default”][image_with_animation image_url=”11591″ image_size=”full” max_width=”100%” max_width_mobile=”default” animation_type=”entrance” animation=”None” animation_movement_type=”transform_y” hover_animation=”none” alignment=”center” border_radius=”none” box_shadow=”none” image_loading=”default”][\/vc_column][vc_column column_padding=”no-extra-padding” column_padding_tablet=”inherit” column_padding_phone=”inherit” column_padding_position=”all” flex_gap_desktop=”10px” column_element_direction_desktop=”default” column_element_spacing=”default” desktop_text_alignment=”default” tablet_text_alignment=”default” phone_text_alignment=”default” background_color_opacity=”1″ background_hover_color_opacity=”1″ column_backdrop_filter=”none” column_shadow=”none” column_border_radius=”none” column_link_target=”_self” column_position=”default” gradient_direction=”left_to_right” overlay_strength=”0.3″ width=”1\/1″ tablet_width_inherit=”default” animation_type=”default” bg_image_animation=”none” border_type=”simple” column_border_width=”none” column_border_style=”solid”][vc_column_text css=”” text_direction=”default”]The key issue: because of the server\u2013side X11 architecture, this shell access lands directly on the Spectrum Power server itself, not on the user\u2019s client machine.<\/strong><\/p>\n

From this initial foothold, an attacker can chain the local privilege escalation vulnerabilities (CVE\u20132024\u201332008, CVE\u20132024\u201332009, or CVE\u20132024\u201332010) to achieve full administrative control of the server. Given the interconnected nature of Spectrum Power deployments, this can enable lateral movement across the entire grid management infrastructure.[\/vc_column_text][divider line_type=”No Line” custom_height=”15px”][vc_column_text css=”” text_direction=”default”]\n

About Spectrum Power 4<\/strong><\/h2>\n

Spectrum Power is Siemens\u2019 grid management platform providing SCADA, energy management, and distribution management capabilities. According to Siemens, it is \u201cthe globally leading power grid management software system\u201d. The current generation, Spectrum Power 7, is deployed in over 1,300 control centers across 90 countries. <\/p>\n

CISA classifies Spectrum Power deployments within critical infrastructure sectors including Energy, Chemical, Critical Manufacturing, Food and Agriculture, and Water and Wastewater Systems (ICSA-19-099-02<\/a>).<\/p>\n

Legacy, but still in production<\/h3>\n

Spectrum Power 4 is the predecessor to the current Spectrum Power 7 product line. While Siemens actively markets SP7 for new deployments \u2013 including a recent major contract with DB Energie for the German railway grid \u2013 many SP4 installations remain in production worldwide. <\/p>\n

This is typical for critical infrastructure. SCADA and EMS upgrades are complex multi-year projects involving: <\/p>\n

    \n
  • 24\/7 availability requirements \u2013 grids cannot go offline for migrations<\/li>\n
  • Regulatory requirements\u2013 new systems require extensive validation<\/li>\n
  • Integration dependencies \u2013 connections to RTUs, historians, market systems, and third-party tools<\/li>\n
  • Budget cycles \u2013 capital expenditure for control system upgrades competes with other grid investments<\/li>\n<\/ul>\n

    The result is a long tail of legacy systems running in production, often for a decade or more beyond their intended lifecycle. Security research on these systems remains critical\u2013operators need vulnerability information and patches regardless of whether the product is still actively sold. <\/p>\n

    This discovery highlights why regular security assessments of SCADA and EMS products remain essential.[\/vc_column_text][divider line_type=”No Line” custom_height=”20 px”][\/vc_column][\/vc_row]\n","protected":false},"excerpt":{"rendered":"

    [vc_row type=”in_container” full_screen_row_position=”middle” column_margin=”default” column_direction=”default” column_direction_tablet=”default” column_direction_phone=”default” scene_position=”center” text_color=”dark” text_align=”left” row_border_radius=”none” row_border_radius_applies=”bg” row_position_desktop=”default” row_position_tablet=”inherit” row_position_phone=”inherit” overflow=”visible” overlay_strength=”0.3″ gradient_direction=”left_to_right” shape_divider_position=”bottom” bg_image_animation=”none”][vc_column column_padding=”no-extra-padding” column_padding_tablet=”inherit” column_padding_phone=”inherit” column_padding_position=”all” flex_gap_desktop=”10px” column_element_direction_desktop=”default” column_element_spacing=”default” desktop_text_alignment=”default” tablet_text_alignment=”default” phone_text_alignment=”default”…<\/p>\n","protected":false},"author":5,"featured_media":13303,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[315],"tags":[],"class_list":{"0":"post-13302","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-advisories"},"_links":{"self":[{"href":"https:\/\/limessecurity.com\/en\/wp-json\/wp\/v2\/posts\/13302","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/limessecurity.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/limessecurity.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/limessecurity.com\/en\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/limessecurity.com\/en\/wp-json\/wp\/v2\/comments?post=13302"}],"version-history":[{"count":0,"href":"https:\/\/limessecurity.com\/en\/wp-json\/wp\/v2\/posts\/13302\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/limessecurity.com\/en\/wp-json\/wp\/v2\/media\/13303"}],"wp:attachment":[{"href":"https:\/\/limessecurity.com\/en\/wp-json\/wp\/v2\/media?parent=13302"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/limessecurity.com\/en\/wp-json\/wp\/v2\/categories?post=13302"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/limessecurity.com\/en\/wp-json\/wp\/v2\/tags?post=13302"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}