Siemens Metaverse exposes sensitive corporate data

Siemens Metaverse data leak exposes corporate information including ComfyApp credentials and vulnerabilities on WordPress subdomains. Cybernews urges caution due to potential severe fallout.

data breach, Person, Security

Siemens, a global leader in industrial automation and digitalization, inadvertently exposed sensitive information on the domain metaverse.siemens.com. Siemens Metaverse is a platform that provides digital twin applications of Siemens factories and offices. In March 2023, a Cybernews research team discovered an environment file on this domain. The file contained ComfyApp credentials and endpoints. ComfyApp is a Siemens-owned workplace management application comprising sensitive data about the infrastructure of the company. Furthermore, researchers found flaws on several WordPress-based subdomains, that had already been fixed by WordPress itself in 2017.

Siemens considered the issue as non-critical, while Cybernews warns of the devastating consequences of such data leaks.