CISA has published an advisory on an external control of assumed-immutable web parameter vulnerability in Siemens Desigo PX Devices. Numerous products and versions of the products are affected. Successful exploitation of this vulnerability could allow an attacker to cause a denial-of-service condition on the device’s web server, requiring a reboot to recover the web interface. Siemens has an update available for some of the affected products and has identified specific workarounds and mitigations that users can apply to reduce risk for the others. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at WaterISAC.
H2Oex: In Person 1 day event/exercise. Thurs Dec 5th. Washington DC. Join us!