The vulnerability is in more than a dozen Siemens products including versions of its SINEMA Server, SIMATIC PCS 7, SIMatIC NET PC-Software and its Security Configuration Tool. Some of the issues have been patched, or in other cases, Siemens has provided a workaround. The good news is the vulnerability is not exploitable remotely and crafting a working exploit for the flaw would be difficult, Siemens said. There is no known public exploit of the vulnerability, according to Siemens.
Source: https://threatpost.com/siemens-discloses-local-privilege-escalation-bug-in-scada-gear/121900/