Hackers can remotely execute code and escalate privilege in select software.
Shellshock is affecting industrial products from the electronics company Siemens, which is in the process of patching the problems.
The flaw in the Bash command line allows hackers to remotely execute code or escalate privileges, but the vulnerabilities depend on specific system configurations, according to Siemens.
"Siemens is preparing updates for the affected products which will fix the vulnerabilities," the company said. "As soon as new releases are available, Siemens will provide the information and update this advisory."
Three bugs have been found in a range of Siemens products, including a remote execution bug that works through its Dynamic Host Configuration Protocol (DHCP) client, and a privilege escalation flaw affecting its Application Engineering (APE) tool.
A more general bug has also been found, but the firm insists it "cannot be exploited in the default configuration without major custom modifications by the user (such as installation of additional software or custom scripts)".
Joe Hancock, cyber security specialist at insurance firm AEGIS London, previously warned that industrial systems would particularly be at risk from Shellshock, which hit Linux, Unix and Mac.
"In some areas this will be a challenge to fix, as many embedded devices are not designed with regular updates in mind and will never be able to be patched," he said.
A fuller explanation of the bugs and the temporary fixes available can be found on the company’s website.