Siemens SCALANCE W1750D (ICSA-19-134-07) – Products Used in the Water and Wastewater and Energy Sectors

The NCCIC has published an advisory on command injection, information exposure, and cross-site scripting vulnerabilities in Siemens SCALANCE W1750D. All versions prior to 8.4.0.1 are affected. Successful exploitation of these vulnerabilities could allow an attacker execute arbitrary commands within the underlying operating system, discover sensitive information, take administrative actions on the device, or expose session cookies for an administrative session. Siemens recommends users upgrade to Version 8.4.0.1 or later. The NCCIC has also provided a series of measures to address the vulnerabilities. Read the advisory at NCCIC/ICS-CERT.