You are here

Siemens Desigo Insight (ICSA-20-287-05)

Siemens Desigo Insight (ICSA-20-287-05)

Created: Tuesday, October 13, 2020 - 15:25
Categories:
Cyber Security

CISA has published an advisory on SQL injection, improper restriction of rendered UI layers or frames, and exposure of sensitive information to an unauthorized actor vulnerabilities in Siemens Desigo Insight. All versions of this product are affected. Successful exploitation of these vulnerabilities could allow an attacker to retrieve or modify data and gain access to sensitive information. Fieldcomm Group recommends users restrict access to the computers or devices running the software. Siemens has identified specific workarounds and mitigations users can apply to reduce risk. CISA also advised on a series of measures to mitigate the vulnerabilities. Read the advisory at CISA.