The NCCIC has published an advisory on uncontrolled search path, use of hard-coded credentials, and improper access controls vulnerabilities in GE Communicator. Communicator components, all versions prior to 4.0.517, are affected. Successful exploitation of these vulnerabilities could allow an attacker to gain administrative privileges, manipulate widgets and UI elements, gain control over the database, or execute administrative commands. GE recommends users upgrade to GE Communicator version 4.0.517 or newer. The NCCIC also provides a series of recommendations for addressing the vulnerabilities. Read the advisory at NCCIC/ICS-CERT.