You are here

Schneider Electric Spectrum Power (ICSA-19-190-04) – Products Used in the Energy Sector

Schneider Electric Spectrum Power (ICSA-19-190-04) – Products Used in the Energy Sector

Created: Wednesday, July 10, 2019 - 16:16
Categories:
Cyber Security

The NCCIC has published an advisory on a cross-site scripting vulnerability in Spectrum Power. Versions of Spectrum Power 3, 4, 5, and 7 are affected. Successful exploitation of this vulnerability could allow an attacker to inject arbitrary code in a specially crafted HTTP request and monitor information. Siemens recommends installing the software update to address the vulnerability. The NCCIC also advises of a series of measures for mitigating this vulnerability. Read the advisory at CISA.