You are here

Siemens LOGO! Web Server (ICSA-20-196-08) – Products Used in the Water and Wastewater and Energy Sectors

Siemens LOGO! Web Server (ICSA-20-196-08) – Products Used in the Water and Wastewater and Energy Sectors

Created: Thursday, July 16, 2020 - 11:33

CISA has published an advisory on a classic buffer overflow vulnerability in Siemens LOGO! Web Server. Numerous versions are affected. Successful exploitation of this vulnerability could allow remote code execution. Should the attacker gain access to the session cookies, they could then hijack the session and perform arbitrary actions in the name of the victim. Siemens recommends users apply upgrades. It has also identified specific workarounds and mitigations customers can apply to reduce the risk. CISA also recommends a series of measures to mitigate the vulnerability. Access the advisory at CISA.