April 14, 2020

CISA has updated this advisory with additional details on the affected products. Read the advisory at CISA.

January 15, 2020

CISA has released an advisory on a path traversal vulnerability in Siemens TIA Portal. Multiple products and versions of these products are affected. Successful exploitation of this vulnerability could allow a local attacker to execute arbitrary code with SYSTEM privileges. Siemens recommends users of the affected products update to a new version and has identified workarounds and mitigations users can apply to reduce the risk. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.