Today the DHS ICS-CERT published an advisory for a directory traversal vulnerability in IDS RTU 850 devices. The vulnerability was reported by Benjamin Kahler and Sebastian Kraemer of HSASec. ICS-CERT reports that the vulnerable models are well past their end-of-support date (2009), so no effort will be made to produce an update. IDS has nonetheless provided specific mitigation suggestions.
ICS-CERT reports that a highly skilled attacker could remotely exploit this vulnerability to obtain credentials for access to the internal service interface via telnet.