Siveillance Control does not properly check the list of access groups that are assigned to an individual user. This could enable a locally logged on user to gain write privileges for objects where they only have read privileges. Siemens has released a new version for Siveillance Control and recommends to update to the latest version.
https://cert-portal.siemens.com/productcert/html/ssa-145196.html