August 13, 2019

The NCCIC has updated this advisory with additional information on the affected products. Read the advisory at CISA.

July 9, 2019

The NCCIC has published an advisory on a cross-site scripting vulnerability in Spectrum Power. Versions of Spectrum Power 3, 4, 5, and 7 are affected. Successful exploitation of this vulnerability could allow an attacker to inject arbitrary code in a specially crafted HTTP request and monitor information. Siemens recommends installing the software update to address the vulnerability. The NCCIC also advises of a series of measures for mitigating this vulnerability. Read the advisory at CISA.