The login functionality of the web server in affected devices does not normalize the response times of login attempts. An unauthenticated remote attacker could exploit this side-channel information to distinguish between valid and invalid usernames.Referenceshttps://cert-portal.siemens.com/productcert/html/ssa-195895.html
