The NCCIC has published an advisory on command injection, information exposure, and cross-site scripting vulnerabilities in Siemens SCALANCE W1750D. All versions prior to 220.127.116.11 are affected. Successful exploitation of these vulnerabilities could allow an attacker execute arbitrary commands within the underlying operating system, discover sensitive information, take administrative actions on the device, or expose session cookies for an administrative session. Siemens recommends users upgrade to Version 18.104.22.168 or later. The NCCIC has also provided a series of measures to address the vulnerabilities. Read the advisory at NCCIC/ICS-CERT.