This is the second such disclosure by researcher Luigi Auriemma this year. In March, he in SCADA products from Siemens, Iconics, 7-Technologies and Datac. His disclosure prompted the US-Computer Emergency Response Team (US-CERT) to issue four alerts warning about the vulnerabilities.

The most recent affect SCADA products from six vendors, including Rockwell Automation, Cogent Datahub, Measuresoft and Progea. Several of the flaws could enable remote execution attacks and denial-of-service attacks against the vulnerable systems.

In emailed comments, Auriemma said that almost all of the vulnerabilities he discovered are remote code execution flaws that allow attackers to run code of their choice on the vulnerable systems. Only one of the flaws is a denial-of-service vulnerability. It's still unclear whether the flaw in Rockwell's product could allow code execution, Auriemma said.

The researcher described some of the flaws as being easy to exploit. With "one of them, [it] is just enough to type the command you want to execute remotely while the others are classical easy-to-exploit bugs. In some cases, the exploitation is a bit more difficult," Auriemma said.

Auriemma said that he has not contacted any of the vendors about his findings. "This was only a quick experiment in which I dedicated some minutes for each product." At least three of the vendors have already issued fixes, while Rockwell is working on one, he said.