all InfoSec news
SSA-547714 V1.0: Argument Injection Vulnerability in SIMATIC WinCC OA Ultralight Client
Siemens ProductCERT Security Advisories cert-portal.siemens.com
SIMATIC WinCC OA contains an argument injection vulnerability that could allow an authenticated remote attacker to inject arbitrary parameters, when starting the Ultralight Client via the web interface (e.g., open attacker chosen panels with the attacker’s credentials or start a Ctrl script).
Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens is preparing further updates and recommends specific countermeasures for products where updates are not, or not yet available.
argument attacker client credentials inject injection interface panels script siemens simatic ssa start the web updates vulnerability web web interface