<p>SICAM T before V3.0 contain multiple vulnerabilities. These include
critical issues such as improper parameter and input validation, various
Cross-Site Scripting (XSS) vulnerabilities , and a Cross-Site Request
Forgery (CSRF) vulnerability . Additional weaknesses comprise session
fixation, authentication and authorization bypasses , missing HTTPS
protection, and missing cookie protection flags. These issues could
potentially lead to remote code execution, denial of service,
unauthorized access to web-interface functionality, session hijacking,
impersonation of legitimate users, or allow an attacker to perform
arbitrary actions on the device on behalf of a user.</p>
<p>Siemens has released a new version for SICAM T and recommends to
update to the latest version.</p>
Source link
