The NCCIC has published an advisory on an insufficiently protected credentials vulnerability in AVEVA Vijeo Citect and CitectSCADA. Verions 7.30 and 7.40 of Citect and CitectSCADA are affected. Successful exploitation of this vulnerability could allow a locally authenticated user to obtain Citect user credentials. AVEVA recommends all affected users download and upgrade to CitectSCADA 2018 as soon as possible. The NCCIC also provided a list of recommended measures to mitigate this vulnerability. Read the advisory at the NCCIC/ICS-CERT.