This week, we look into recent API vulnerabilities in the Siemens plant operation control system, D-Link routers, and Cisco network management. In addition, OWASP has formally released its first-ever Top 10 list for API security.
Vulnerability: Siemens SPPA-T3000
The application server of the Siemens plant operation control system SPPA-T3000 had API vulnerabilities. The AdminService API was accessible without authentication as long as you had network access to it and knew how to craft requests for it.