The NCCIC has released an advisory on an improper privilege management vulnerability in Siemens ROX II. All versions prior to v2.12.1 are affected. Successful exploitation of these vulnerabilities could allow valid users to escalate their privileges and execute arbitrary commands. Siemens recommends users update to the new version (v2.12.1) as soon as possible. To reduce risk, Siemens recommends that administrators restrict network access to prevent potential attackers from accessing Port 22/TCP, if possible. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities. NCCIC/ICS-CERT.