CISA has published an advisory on cross-site scripting and basic XSS vulnerabilities in Siemens Climatix. All versions of Climatix POL908 (BACnet/IP module) and Climatix POL909 (AWM module) are affected. Successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code to access confidential information without authentication. Siemens has identified specific workarounds and mitigations users can apply to reduce the risk. CISA also recommends a series of measures to mitigate the vulnerabilities. Read the advisory at CISA.
You are here
Related Resources
Jan 30, 2025 in Cybersecurity, in Security Preparedness
Jan 30, 2025 in Cybersecurity, in Security Preparedness
Jan 30, 2025 in Cybersecurity, in Security Preparedness