The vulnerability with proof-of-concept code was publicly disclosed at a security conference last week by Justin Clarke, a security researcher at Cylance Inc. It was that disclosure that prompted the ICS-CERT alert and Siemens' effort to find a fix.

Dale Peterson, CEO of Digital Bond, a consulting firm specializing in control system security, said the flaw allows an attacker to access the login credentials to RuggedCom devices and to launch denial-of-service attacks against network devices running the vulnerable OS.

Peterson described RuggedCom as the "Cisco" of the industrial control network space and said the company is the largest supplier of ruggedized network devices to industrial control systems owners in the U.S.

The vulnerability described by Clarke is akin to flaws in older versions of Microsoft's Remote Desktop Protocol clients and Terminal Servers. And just like Microsoft, it will likely take Siemens a while to address the issue, he said.

By itself, the vulnerability is unlikely to greatly heighten risks for operators of industrial control networks, according to Peterson. That's because an attacker would already need to have access to an ICS network to be able to exploit the vulnerability. "It's pretty much game over if you already have someone on your network," he said. "This [vulnerability] gives them just another thing they can do as an attacker."