Yesterday the DHS ICS-CERT published a control system security advisory for an improper authorization vulnerability in the GE Bently Nevada 3500/22M monitoring system. Apparently this is a self-reported vulnerability. GE has produced a new firmware version to mitigate this vulnerability. ICS-CERT had previously published this advisory on the US-CERT Secure Portal on September 8th.
ICS-CERT reports that a relatively unskilled attacker could remotely exploit this vulnerability to gain unauthorized access to the affected device with elevated privileges.