You are here

Siemens SCALANCE S (ICSA-18-317-04) – Product Used in the Water and Wastewater and Energy Sectors

Siemens SCALANCE S (ICSA-18-317-04) – Product Used in the Water and Wastewater and Energy Sectors

Created: Wednesday, November 14, 2018 - 18:08
Categories:
Cybersecurity

The NCCIC has released an advisory on a cross-site scripting vulnerability in Siemens SCALANCE S. Numerous products and versions of these products are affected. If an attacker tricks a user into clicking a malicious link, the device could allow arbitrary script injection (XSS). Siemens recommends users update to Version 4.0.1.1. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities. NCCIC/ICS-CERT.