July 9, 2019
The NCCIC has updated this advisory with additional information on the technical details of the affected products and mitigation measures. Read the advisory at CISA.
May 14, 2019
The NCCIC has published an advisory on SQL injection, uncaught exception, and exposed dangerous method vulnerabilities in Siemens SIMATIC PCS 7, WinCC, TIA Portal. Numerous products and versions of the products are affected. Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary commands on the affected system. Siemens has an update available for this product, version 7.5 update 3. The NCCIC has also provided a series of measures to address the vulnerabilities. Read the advisory at NCCIC/ICS-CERT.