← Back to home
SIEMENS-SSA-876049  ·  Published 2026-05-12  ·  View on Siemens ProductCERT ↗

SSA-876049 V1.0: Prototype Pollution Vulnerability in Axios Library Affecting Siemens gWAP Before V3.1.1

CVSS N/A MEDIUM

Risk Summary

<p>Siemens gPROMS Web Applications Publisher (gWAP) is affected by a remote code execution vulnerability introduced through a third-party component, namely the Axios HTTP client library. The vulnerability stems from a specific “Gadget” attack chain that allows prototype pollution in other third-party libraries, potentially allowing an attacker to execute arbitrary code.</p> <p>Siemens has released a new version for gWAP and recommends to update to the latest version.</p>

Remediations

  • Refer to Siemens ProductCERT advisory for patch and remediation guidance.

Affected Vendors

Siemens

Affected Products (1)

Siemens · SSA-876049 V1.0: Prototype Pollution Vulnerability in Axios Library Affecting Siemens gWAP Before V3.1.1 See advisory

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more