CISA has published an advisory on improper restriction of excessive authentication attempts and authentication bypass by primary weakness vulnerabilities in Siemens SIMATIC HMI. Multiple products and versions of these products are affected. Successful exploitation of these vulnerabilities could allow a remote attacker to discover user passwords and obtain access to the Sm@rt Server via a brute-force attack. Siemens is preparing updates and recommends specific countermeasures for products where updates are not yet available. Siemens has identified specific workarounds and mitigations users can apply to reduce the risk. CISA also recommends a series of measures to mitigate the vulnerabilities. Read the advisory at CISA.