The NCCIC has released an advisory on OS command injections, improper access control, and insufficiently protected credentials vulnerabilities in Creston TSW-X60 and MC3. For TSW-X60, all versions prior to 2.001.0037.001 are affected. For MC3, all versions prior to 1.502.0047.001 are affected. Successful exploitation of these vulnerabilities may allow remote code execution with escalated system privileges. Crestron recommends users upgrade their devices to the newest firmware. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities. NCCIC/ICS-CERT.