Siemens SIMATIC Ident MV420 and MV440 Families (ICSA-19-162-02)

The NCCIC has published an advisory on improper privilege management and cleartext transmission of sensitive information vulnerabilities in Siemens SIMATIC Ident MV420 and MV440 Families. All versions of both products are affected. Successful exploitation of these vulnerabilities could allow a remote attacker to escalate privileges and view data transmitted between the device and the user. Siemens has identified specific workarounds and mitigations to reduce the risk. The NCCIC also advised on a series of mitigating measures for the vulnerabilities. Read the advisory at NCCIC/ICS-CERT.