The NCCIC has released an advisory on improper authentication and cross-site scripting vulnerabilities in ControlByWeb X-320M. Versions 1.05 and prior are affected. Successful exploitation of these vulnerabilities may allow arbitrary code execution and could cause the device being accessed to require a physical factory reset to restore the device to an operational state. ControlByWeb has released a firmware update to address the vulnerabilities found on the X-320M. The NCCIC also advises on a series of mitigating measures for this vulnerability. Read the full advisory at NCCIC/ICS-CERT.