Several SCALANCE X switches contain a vulnerability that could allow an attacker to perform administrative actions if the victim is tricked into clicking on a website controlled by the attacker. The attack only works if the victim has an authenticated session on the administrative interface of the switch. Siemens has released updates for the affected products and recommends to update to the latest versions.
https://cert-portal.siemens.com/productcert/pdf/ssa-951513.pdf