Siemens LOGO! Soft Comfort (ICSA-19-134-03)

The NCCIC has published an advisory on a deserialization of untrusted data vulnerability in Siemens LOGO! Soft Comfort. All versions are affected. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code if the attacker tricks a legitimate user into opening a manipulated project. Siemens recommends a series of mitigations to address this vulnerability. The NCCIC has also provided a series of measures to address this vulnerability. Read the advisory at NCCIC/ICS-CERT.