SSA-387223 V1.0: Unauthenticated Control Panel Escape Vulnerability on SIMATIC HMI Unified Comfort before V21.0

Risk Summary

<p>SIMATIC HMI Unified Comfort Panels before V21.0 are affected by a vulnerability that allows an unauthenticated attacker to access the web browser via the help link. This vulnerability allows an attacker to access the web browser through the Control Panel if it is not protected by the corresponding security mechanisms. This opens the possibility for the attacker to find backdoors, which might lead to unwanted misconfigurations.</p> <p>Siemens has released new versions for the affected products and recommends to update to the latest versions.</p>

Remediations

• Refer to Siemens ProductCERT advisory for patch and remediation guidance.

Affected Vendors

Affected Products (1)