Siemens OZW Web Server (ICSA-20-042-09)

CISA has published an advisory on an information disclosure vulnerability in Siemens OZW web server. All versions prior to 10.0 are affected. Successful exploitation of this vulnerability could allow unauthenticated users to access project files. Siemens recommends users update OZW672 and OZW77 to version 10.0 and has identified specific workarounds and mitigations users can apply to reduce the risk. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.