A security researcher has discovered a pair of zero-day vulnerabilities in a popular family of Siemens industrial control system switches that could allow an attacker to take over the network devices without a password.