The NCCIC has published an advisory on an improper access control vulnerability in 3S-Smart Software Solutions GmbH CODESYS Control V3 Products. Numerous products and versions of these products are affected. Successful exploitation of this vulnerability could allow unauthorized access and exfiltration of sensitive data including user credentials. 3S-Smart Software Solutions GmbH recommends activating the CODESYS Control online user management and encryption of the online communication. 3S-Smart Software Solutions GmbH recommends updating to the latest software Version 3.5.14.0 or newer. The NCCIC also advises on a series of mitigating measures for these vulnerabilities. NCCIC/ICS-CERT.