The NCCIC has published an advisory on SQL injection, uncaught exception, and exposed dangerous method vulnerabilities in Siemens SIMATIC PCS 7, WinCC, TIA Portal. Numerous products and versions of the products are affected. Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary commands on the affected system. Siemens has an update available for this product, version 7.5 update 3. The NCCIC has also provided a series of measures to address the vulnerabilities. Read the advisory at NCCIC/ICS-CERT.