SSA-977428 (Last Update: 2018-06-12): Vulnerabilities in SCALANCE M875

Published

2018-06-12 00:00:00

Summary

Multiple vulnerabilities have been identified in the web interface of SCALANCE M875. The web interface of SCALANCE M875 could allow Cross-Site Request Forgery (CSRF), stored Cross-Site Scripting (XSS), or command injection attacks if an attacker is authenticated or tricks a legitimate authenticated user into accessing a malicious link.

Siemens recommends customers to upgrade their hardware, and provides mitigations until hardware upgrades can be applied.