Seventeen bugs could be exploited to stop electrical generation and cause malfunctions at power plants. The affected product is SPPA-T3000, a distributed control system used for orchestrating and supervising electrical generation at major power plants in the U.S., Germany, Russia and other countries. The vulnerabilities were discovered in two specific components of the platform: The application server (seven bugs) and the migration server (10 found) The most severe of the issues can enable RCE on the application server.
Source: https://threatpost.com/critical-remote-code-execution-global-power-plants/151087/