Siemens gWAP
Summary
Siemens gPROMS Web Applications Publisher (gWAP) is affected by a flaw in the third-party Axios HTTP client library it uses. The vulnerability, tracked as CVE-2026-40175, is a prototype pollution issue that can be leveraged for arbitrary code execution, making gWAP vulnerable to remote code execution. Siemens has released an update that addresses the issue.
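To make the flaw class concrete, the following is an added example, not code from the original page, from Siemens, or from Axios: a JavaScript recursive merge that can be driven to write into Object.prototype, shown beside a hardened version. It illustrates how prototype pollution works in general; the advisory gives no details of the actual Axios defect, so the payload, the merge functions and the isVerbose consumer are all constructed for illustration.

```javascript
// Added example: prototype pollution through an unsafe recursive merge,
// beside a hardened merge. This is the generic flaw class only; it is not
// the Axios code and not the trigger for CVE-2026-40175.

// Vulnerable pattern: copies every key of an attacker-controlled object into
// the target. JSON.parse creates an own property literally named "__proto__",
// and target["__proto__"] resolves to Object.prototype, so the recursion ends
// up writing onto the shared prototype of every plain object in the process.
function unsafeMerge(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (value !== null && typeof value === 'object' && !Array.isArray(value)) {
      if (target[key] === null || typeof target[key] !== 'object') {
        target[key] = {};
      }
      unsafeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Keys that reach the prototype chain and must never be merged from input.
const UNSAFE_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Hardened version: refuse the dangerous keys and only recurse into plain
// objects that the target itself owns (never inherited ones).
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (UNSAFE_KEYS.has(key)) continue;
    const value = source[key];
    if (value !== null && typeof value === 'object' && !Array.isArray(value)) {
      if (!Object.prototype.hasOwnProperty.call(target, key) ||
          target[key] === null || typeof target[key] !== 'object') {
        target[key] = {};
      }
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// A hypothetical consumer that relies on a default: "verbose" is false unless
// it was explicitly set. After pollution, fresh objects inherit the value.
function isVerbose(options) {
  return options.verbose === true;
}

// Constructed attacker payload, e.g. a JSON request body (not from the advisory).
const PAYLOAD = '{"name":"job1","__proto__":{"verbose":true}}';

// Runs both merges against the payload and reports what leaked where.
// The polluted property is removed afterwards so the process is left clean.
function demonstrate() {
  const result = {};
  try {
    unsafeMerge({}, JSON.parse(PAYLOAD));
    // An object the merge never touched now reports verbose=true.
    result.unsafeLeaked = isVerbose({});
    result.unsafePrototypeHit =
      Object.prototype.hasOwnProperty.call(Object.prototype, 'verbose');
  } finally {
    delete Object.prototype.verbose;
  }
  const merged = safeMerge({}, JSON.parse(PAYLOAD));
  result.safeLeaked = isVerbose({});
  result.safeKeptName = merged.name === 'job1';
  result.safeHasProtoKey =
    Object.prototype.hasOwnProperty.call(merged, '__proto__');
  return result;
}

console.log(demonstrate());
```

The point to take from the example is that the pollution is process-wide: once a prototype property is written, any code path that reads a default it expected to be absent (a shell flag, a template path, a debug switch) observes the attacker's value, which is how this flaw class is escalated to code execution in practice.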
IFF Assessment
This vulnerability allows remote code execution, which poses a significant threat in the critical infrastructure environments where gWAP is deployed.
Severity
The advisory describes a remote code execution vulnerability with potential for widespread impact in critical manufacturing, which indicates high severity. No CVSS score is given in the text; based on the described impact and attack vector, a high score, likely in the 8.0-9.0 range, is a reasonable estimate, but the authoritative score is the one published in the Siemens advisory.
Defender Context
This advisory highlights the importance of software supply chain security: a vulnerability in a third-party component (Axios) became a critical flaw in Siemens gWAP. Because the flawed component is embedded in a vendor product, the fix for gWAP is the Siemens update, not an independent Axios upgrade. Defenders should apply that update promptly, and should also inventory other software in their environment that embeds Axios, including nested copies pulled in transitively, when scrutinizing their dependencies.
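As an added example for the dependency-inventory step, not code from the original page or from Siemens, the following JavaScript enumerates every installed copy of a package from an npm package-lock.json (lockfileVersion 2 or 3), including nested copies under other dependencies, and flags those below a version threshold. The lockfile content is constructed for illustration, and the threshold is a placeholder: the advisory does not state the fixed Axios version, so take the real value from the Siemens advisory or the Axios release notes.

```javascript
// Added example: find every installed copy of a package in an npm lockfile
// and flag the ones below a fixed version. Constructed data; not gWAP's
// dependency tree. FIXED_VERSION_PLACEHOLDER is not the real fixed version.

// Constructed package-lock.json fragment (lockfileVersion 3 layout, where
// "packages" is keyed by the install path).
const SAMPLE_LOCK = {
  name: 'example-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-app',
          dependencies: { axios: '^1.6.0', 'some-sdk': '^2.0.0' } },
    'node_modules/axios': { version: '1.6.2' },
    'node_modules/some-sdk': { version: '2.0.0',
                               dependencies: { axios: '^0.27.0' } },
    // A nested copy: some-sdk pins an older axios that "npm ls" users often miss.
    'node_modules/some-sdk/node_modules/axios': { version: '0.27.2' },
    'node_modules/follow-redirects': { version: '1.15.6' },
  },
};

const FIXED_VERSION_PLACEHOLDER = '1.7.0'; // assumption for the demo only

// Every entry whose install path ends in "node_modules/<name>", at any depth.
function findInstalledCopies(lock, name) {
  const copies = [];
  const suffix = 'node_modules/' + name;
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === suffix || path.endsWith('/' + suffix)) {
      copies.push({ path, version: meta.version });
    }
  }
  return copies;
}

// Minimal major.minor.patch comparison; prerelease tags are ignored.
// Returns -1, 0 or 1 like a comparator.
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Copies whose version is strictly below the fixed version.
function findVulnerableCopies(lock, name, fixedVersion) {
  return findInstalledCopies(lock, name)
    .filter((c) => compareVersions(c.version, fixedVersion) < 0);
}

console.log(findVulnerableCopies(SAMPLE_LOCK, 'axios', FIXED_VERSION_PLACEHOLDER));
```

On a real system, read package-lock.json with fs.readFileSync and JSON.parse it in place of SAMPLE_LOCK. Note that a fix may be shipped on more than one release line, so a single threshold is a simplification; compare each copy against the fixed version for its own major line as stated by the vendor.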