SSA-786743 (Last Update: 2020-08-11): Code Injection Vulnerability in Advanced Reporting for Desigo CC and Desigo CC Compact

2020-08-11 00:00:00 UTC

The extension module Advanced Reporting for Desigo CC and Desigo CC Compact contains a code injection vulnerability, which could be exploited if the extension module is installed on the server and configured.

Siemens has released patches for the affected products and recommends specific countermeasures for unpatched systems.