How could an attacker exploit this vulnerability? An authenticated attacker with access to the file upload feature could exploit this path traversal vulnerability by uploading malicious files to sensitive locations on the server. What actions do customers need to take to protect themselves from this vulnerability? Customers need to update their Defender for IoT software to version 24.1.3 or above. For more information, see OT monitoring software versions. According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? An attacker would be required to have an administrative account in the Defender for OT web application or to be an authorized user with access to a private key that matches a public key already present on the server to exploit this vulnerability.
<a href="https://www.siemens-energy.com/">Siemens Energy</a>, <a href="https://www.siemens-energy.com/">Siemens Energy</a>