CISA has published an advisory on SQL injection, improper restriction of rendered UI layers or frames, and exposure of sensitive information to an unauthorized actor vulnerabilities in Siemens Desigo Insight. All versions of this product are affected. Successful exploitation of these vulnerabilities could allow an attacker to retrieve or modify data and gain access to sensitive information. Fieldcomm Group recommends users restrict access to the computers or devices running the software. Siemens has identified specific workarounds and mitigations users can apply to reduce risk. CISA also advised on a series of measures to mitigate the vulnerabilities. Read the advisory at CISA.
H2Oex: In Person 1 day event/exercise. Thurs Dec 5th. Washington DC. Join us!