Siemens is warning its industrial hardware networking system users about multiple vulnerabilities including a bug that could allow a remote attacker to disrupt production. The most dangerous vulnerabilities already require the attacker to be authenticated on the system. Users of the SINEC NMS should update to version V1.0 SP2 or newer to prevent exploitation of 15 vulnerabilities, Siemens says. An attacker can change account details without undergoing checks, they can change their own account details, such as their email ID and password.”]
Source: https://www.cuinfosecurity.com/siemens-patches-vulnerabilities-in-network-management-system-a-19411