SSA-710008 V1.3 (Last Update: 2023-04-11): Multiple Web Vulnerabilities in SCALANCE Products

SCALANCE devices contain multiple vulnerabilities in MSPS based product lines that could allow authenticated remote attackers to execute custom code or create a XSS situation, as well as unauthenticated remote attackers to create a denial of service condition.

Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends specific countermeasures for products where updates are not, or not yet available.

attackers code custom denial of service devices msps product products service siemens ssa unauthenticated update updates vulnerabilities web web vulnerabilities xss