Researchers discovered two flaws in Siemens SICAM PAS widely used in the energy industry. One of the vulnerabilities is still unpatched. Siemens is currently working on addressing CVE-2016-5849 and invites customers to contact the support center for instructions on how to mitigate the issue waiting for an official patch. The software running on the Siemens software doesnt properly protect user passwords, an attacker can exploit the flaws to reconstruct the information (CVE-16-5848) The second vulnerability can be exploited by attackers to access sensitive configuration data.”]
Source: https://securityaffairs.co/wordpress/48922/security/siemens-sicam-pas-flaws.html