Siemens has patched three security vulnerabilities in its Plant Management Product, the Siemens TeleControl Basic system. The system is used in water treatment facilities, traffic monitoring systems, and energy distribution plants. The flaws affect TeleControl Server Basic versions prior to V3.1, the most severe one is tracked as CVE-2018-4836 and rated high severity. One of these vulnerabilities could allow an authenticated attacker with network access to escalate privileges and perform administrative actions. The US ICS-CERT also published a detailed advisory for the vulnerabilities.”]
Source: https://securityaffairs.co/wordpress/68508/security/siemens-telecontrol-basic-flaws.html