The NCCIC has released an advisory on an uncontrolled search path element vulnerability in Siemens SIMATIC WinCC OA. SIMATIC WinCC OA Version 3.14 and prior are affected. Successful exploitation of this vulnerability could allow an unauthenticated remote user to escalate their privileges in the context of the program. Siemens recommends updating to SIMATIC WinCC OA v3.14-P021 and a series of manual mitigations to reduce risks. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities. NCCIC/ICS-CERT.