SSA-226339 (Last Update: 2020-10-13): Multiple Web Application Vulnerabilities in Desigo Insight

Published

2020-10-13 00:00:00 UTC

Summary

The latest hotfix for Desigo Insight fixes three vulnerabilities that have been identified in the web server, including SQL injection (CVE-2020-15792), clickjacking (CVE-2020-15793), and full path disclosure (CVE-2020-15794).

Siemens recommends updating to the latest version of Desigo Insight and to apply the hotfix.

Source

https://cert-portal.siemens.com/productcert/pdf/ssa-226339.pdf