CISA has published an advisory on a code injection vulnerability in Siemens Desigo CC. For Desigo CC and Desigo CC Compact, versions 3.x and 4.x are affected. Successful exploitation of this vulnerability could allow an attacker to gain remote code execution on the server with SYSTEM privileges. Siemens has released patches for the affected products and recommends specific countermeasures for unpatched systems. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.
Early bird registration for H2OSecCon 2024 is now open! - REGISTER HERE