A security vulnerability was recently discovered in all versions of StruxureOn Gateway prior to 1.2 (1.0.0 - 1.1.3).
This vulnerability leverages the DDF Catalog update feature under Device Support. It requires user authentication and network access, but could allow for remote code execution.
A fix for this vulnerability first became available in StruxureOn Gateway version 1.2. Download the latest version, now called EcoStruxure IT Gateway, here.
Read the security notification about this vulnerability here.