The latest updates for XHQ 4 and XHQ 5 fix a vulnerability that could allow a low-privileged remote user to gain read access to data in the XHQ solution exceeding his configured permission level.

https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-945660.pdf