Siemens TD Keypad Designer (ICSA-18-254-03) – Product Used in the Water and Wastewater and Energy Sectors

The NCCIC has released an advisory on an uncontrolled search path element vulnerability in Siemens TD Keypad Designer. All versions of this product are affected. Successful exploitation of this vulnerability could allow a local low-privileged attacker to escalate their privileges. Siemens has identified specific workarounds and mitigations that users can apply to reduce the risk. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities. NCCIC/ICS-CERT.