The NCCIC has published an advisory on improper restriction of operations within the bounds of a memory buffer and session fixation vulnerabilities in Siemens LOGO!8 devices. Multiple versions of these devices are affected. Successful exploitation of these vulnerabilities could allow a remote attacker to escalate privileges and view data transmitted between the device and the user. For some devices, Siemens recommends upgrading to a new version. For others, Siemens has identified specific workarounds and mitigations to reduce the risk. The NCCIC also advised on a series of mitigating measures for the vulnerabilities. Read the advisory at NCCIC/ICS-CERT.