April 5, 2018

The NCCIC/ICS-CERT has updated this advisory with addititional information on mitigating measures. NCCIC/ICS-CERT.

April 3, 2018

The NCCIC/ICS-CERT has released an advisory on vulnerabilities in Siemens Building Technologies Products. Multiple versions of these products are affected. Successful exploitation of these vulnerabilities may allow arbitrary code execution, NTLM-relay attacks, remote code execution, denial of service, or increased attack surface. Siemens recommends that users upgrade License Management System (LMS) to version 2.1 SP4 (2.1.681) or newer. The NCCIC/ICS-CERT also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities. NCCIC/ICS-CERT.