The NCCIC has published an advisory on use of hard-coded credentials, insufficient protection of credentials, and cross-site scripting vulnerabilities in Siemens SIMATIC Panels and WinCC (TIA Portal). Numerous products and versions of the products are affected. Successful exploitation of these vulnerabilities could allow an attacker with network access to the device to read/write variables via SNMP. Siemens has released updates for the affected products. The NCCIC has also provided a series of measures to address the vulnerabilities. Read the advisory at NCCIC/ICS-CERT.