<p>Affected products do not properly restrict access permissions to a
local Windows Named Pipe and do not properly sanitize user-controllable
input sent to that Named Pipe. This could allow a local authenticated
attacker to cause a type confusion and execute arbitrary code within the
affected application and its privileges.</p>
<p>Siemens has released new versions for several affected products and
recommends to update to the latest versions. Siemens is preparing
further fix versions and recommends specific countermeasures for
products where fixes are not, or not yet available.</p>
Source link
