Siemens has patched five vulnerabilities in its SIMATIC PCS 7 system that could result in privilege escalation and give an attacker unauthenticated access to sensitive data.

Siemens in November released patches for this vulnerability and one other in some versions of WinCC and two other affected products, the TIA Portal and PCS 7.

The password appears to be used by the WinCC software to connect to its MS-SQL back-end database. According to some of the forum posts, changing the password causes the system to stop working.