You are here

Siemens SIMATIC Panels (ICSA-18-317-08) – Products Used in the Energy Sector

Siemens SIMATIC Panels (ICSA-18-317-08) – Products Used in the Energy Sector

Created: Wednesday, November 14, 2018 - 18:13
Categories:
Cybersecurity

The NCCIC has released an advisory on path traversal and open redirect vulnerabilities in Siemens SIMATIC Panels. Numerous products and versions of these products are affected. Successful exploitation of these vulnerabilities could allow download of arbitrary files from the device, or allow URL redirections to untrusted websites. Siemens has identified the following specific workarounds and mitigations users can apply to reduce the risk. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities. NCCIC/ICS-CERT.