<p>Siemens gPROMS Web Applications Publisher (gWAP) is affected by a
remote code execution vulnerability introduced through a third-party
component, namely the Axios HTTP client library. The vulnerability stems
from a specific “Gadget” attack chain that allows prototype pollution in
other third-party libraries, potentially allowing an attacker to execute
arbitrary code.</p>
<p>Siemens has released a new version for gWAP and recommends to update
to the latest version.</p>
Source link
