CISA has released an advisory on an incorrect privilege assessment vulnerability in Siemens SINEMA Server. All versions prior to Version 14.0 SP2 Update 1 are affected. Successful exploitation of this vulnerability could allow an attacker who holds a valid session with low privileges to perform firmware updates and other administrative operations on connected devices. Siemens recommends that users of the affected product update to a new version, and has identified workarounds and mitigations users can apply to reduce the risk. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.