The NCCIC has published an advisory on an improper input validation, out-of-bounds read, code injection, untrusted pointer dereference, out-of-bounds write, relative path traversal, injection, use of hard-coded credentials, and authentication bypass using an alternate path or channel vulnerabilities in LCDS - Leão Consultoria e Desenvolvimento de Sistemas Ltda ME LAquis SCADA. Version 4.1.0.3870 is affected. Successful exploitation of these vulnerabilities could allow remote code execution, data exfiltration, or cause a system crash. LCDS recommends users update to Version 4.1.0.4150. The NCCIC also advises on a series of mitigating measures for this vulnerability. Read the full advisory at NCCIC/ICS-CERT.