The NCCIC has released an advisory on an improper input validation vulnerability in Siemens SIMATIC Panels and SIMATIC WinCC (TIA Portal). Numerous products and versions of these products are affected. Successful exploitation of this vulnerability could allow an attacker with network access to the web server to perform a HTTP header injection attack. Siemens has provided updates for the products to fix the vulnerability. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities. NCCIC/ICS-CERT.
H2Oex: In Person 1 day event/exercise. Thurs Dec 5th. Washington DC. Join us!