CISA has published an advisory on cross-site request forgery, improper neutralization of script-related HTML tags in a web page, and improper input validation vulnerabilities in Siemens XHQ Operations Intelligence products. All versions of the product are affected. Successful exploitation of these vulnerabilities could allow an attacker to read or modify contents of the web application. Siemens recommends users update XHQ Operations Intelligence product line to v6.0.0.2 or later. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.
Early bird registration for H2OSecCon 2024 is now open! - REGISTER HERE