Siemens SINEMA Remote Connect Server (ICSA-19-260-02) – Product Used in the Water and Wastewater and Energy Sectors

CISA has released an advisory on improper restriction of excessive authentication attempts, information exposure, cross-site request forgery, and use of password hash with insufficient computational effort vulnerabilities in Siemens SINEMA Remote Connect Server. Versions prior to 2.0 SP1 are affected. Successful exploitation of these vulnerabilities may allow an attacker unauthorized access to the web interface, improper access to privileged user and device information, and may allow successful CSRF attacks. Siemens recommends users upgrade to Versions 2.0 SP1 or later for the affected products. CISA also recommends a series of measures to mitigate the vulnerabilities. Read the advisory at CISA.