Siemens XHQ Operations Intelligence (ICSA-19-344-05) – Product Used in the Energy Sector

CISA has published an advisory on cross-site request forgery, improper neutralization of script-related HTML tags in a web page, and improper input validation vulnerabilities in Siemens XHQ Operations Intelligence products. All versions of the product are affected. Successful exploitation of these vulnerabilities could allow an attacker to read or modify contents of the web application. Siemens recommends users update XHQ Operations Intelligence product line to v6.0.0.2 or later. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.