The NCCIC has released an advisory on incorrect default permissions, XXE, and resource exhaustion vulnerabilities in Schweitzer Engineering Laboratories, Inc. Compass and AcSELerator Architect. Compass Version 3.0.5.1 and prior and AcSELerator Architect Version 2.2.24.0 and prior are affected. Successful exploitation of these vulnerabilities could allow modification/replacement of files within the Compass installation directory, disclosure of information, or denial of service. Schweitzer Engineering Laboratories recommends users upgrade to the latest release of both products. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities. NCCIC/ICS-CERT