The NCCIC has published an advisory on a cross-site scripting vulnerability in Spectrum Power. Versions of Spectrum Power 3, 4, 5, and 7 are affected. Successful exploitation of this vulnerability could allow an attacker to inject arbitrary code in a specially crafted HTTP request and monitor information. Siemens recommends installing the software update to address the vulnerability. The NCCIC also advises of a series of measures for mitigating this vulnerability. Read the advisory at CISA.