The NCCIC has published an advisory on cross-site scripting, path traversal, improper authentication, improper input validation, and code injection vulnerabilities in Columbia Weather Systems MicroServer. Weather MicroServer firmware Version MS_2.6.9900 and prior are affected. Successful exploitation of these vulnerabilities may allow disclosure of data, cause a denial-of-service condition, and allow remote code execution. Columbia Weather Systems has released a firmware update, Version: MS_2.7.9973, that addresses all of the vulnerabilities. The NCCIC also recommends a series of mitigating measures for this vulnerability. Read the advisory at NCCIC/ICS-CERT.