An authentication bypass vulnerability in a Siemens device could allow an attacker to gain control of the device. The vulnerability is in the Siemens SICAM MIC, a small telecontrol system that includes an integrated Web server and several other features. The bug can be exploited remotely, but ICS-CERT says there is no known public exploit yet. The company has released an updated version of the firmware that fixes the problem. It says a legitimate user must be logged into the web interface for the attack to be successful.
Source: https://threatpost.com/authentication-bypass-bug-hits-siemens-energy-automation-device/113814/