The NCCIC has released an advisory on improper access control and improper privilege management vulnerabilities in Emerson AMS Device Manager. Versions 12.0 to 13.5 are affected. Successful exploitation of these vulnerabilities could allow arbitrary remote code execution and malware injection. Emerson recommends users patch the affected products. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities. NCCIC/ICS-CERT.