An authenticated attacker could escalate privileges by sending specially crafted requests to the integrated webserver.
Communication with the device is not encrypted. Data transmitted between the device and the user can be obtained by an attacker in a privileged network position.
SIMATIC Ident MV420 and MV440 Families
Vendor has identified the following specific workarounds and mitigations users can apply to reduce the risk:
Please refer to the Operating Instructions for more details: https://support.industry.siemens.com/cs/us/en/view/84553392