SIEMENS-SSA-226339 · Published 2020-10-13 · View on Siemens ProductCERT ↗

SSA-226339 (Last Update: 2020-10-13): Multiple Web Application Vulnerabilities in Desigo Insight

CVSS 5.4 MEDIUM

Risk Summary

<p>The latest hotfix for Desigo Insight fixes three vulnerabilities that have been identified in the web server, including SQL injection (CVE-2020-15792), clickjacking (CVE-2020-15793), and full path disclosure (CVE-2020-15794).</p> <p>Siemens recommends updating to the latest version of Desigo Insight and to apply the hotfix.</p>

CVEs (3)

CVE-2020-15792 CVE-2020-15793 CVE-2020-15794

Remediations

Refer to Siemens ProductCERT advisory for patch and remediation guidance.

Affected Vendors

Siemens

Affected Products (1)

Siemens · SSA-226339 (Last Update: 2020-10-13): Multiple Web Application Vulnerabilities in Desigo Insight See advisory

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more