The NCCIC has released an advisory on a cross-site scripting vulnerability in Siemens SCALANCE S. Numerous products and versions of these products are affected. If an attacker tricks a user into clicking a malicious link, the device could allow arbitrary script injection (XSS). Siemens recommends users update to Version 4.0.1.1. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities. NCCIC/ICS-CERT.