Vulnerability Alert - Cisco Industrial Network Director
The vulnerability is due to improper access restrictions on the web-based management interface.
A vulnerability in the “plug-and-play” services component of Cisco Industrial Network Director (IND) could allow an unauthenticated, remote attacker to access sensitive information on an affected device.
An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to access running configuration information about devices managed by the IND, including administrative credentials.
Upgrade Cisco Industrial Network Director to a version of 1.6.0 or greater.
 - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190904-ind