Siemens Metaverse exposes sensitive corporate data
Siemens Metaverse data leak exposes corporate information including ComfyApp credentials and vulnerabilities on WordPress subdomains. Cybernews urges caution due to potential severe fallout.
Siemens, a global leader in industrial automation and digitalization, inadvertently exposed sensitive information on the domain metaverse.siemens.com. Siemens Metaverse is a platform that provides digital twin applications of Siemens factories and offices. In March 2023, a Cybernews research team discovered an environment file on this domain. The file contained ComfyApp credentials and endpoints. ComfyApp is a Siemens-owned workplace management application comprising sensitive data about the infrastructure of the company. Furthermore, researchers found flaws on several WordPress-based subdomains, that had already been fixed by WordPress itself in 2017.
Siemens considered the issue as non-critical, while Cybernews warns of the devastating consequences of such data leaks.
About author
DW Team
The GIP Digital Watch Observatory team, consisting of over 30 digital policy experts from around the world, excels in the fields of research and analysis on digital policy issues. The team is backed by the creative prowess of Creative Lab Diplo and the technical expertise of the Diplo tech team.
