The two vulnerabilities affect versions before 3.07.01 and could result in remote code execution (RCE), and privilege escalation within the Aspect Control Engine software, potentially giving an attacker complete control over the BMS.