Yes, those vulnerabilities were via SQL injections in some java server pages on pnpscada.
We have since fixed those sql injection vulnerabilities that existed on version 2.*, and changed the version to 3.*.
More recently there has been another vulnerability report concerning the replayability of URLs, prompting us to add a cookie to the mix, so that people can't just enter urls and take over another person's session. We now require you to enter your credentials again when you cut and paste a URL into another browser. When that vulnerability was fixed, we changed the version to 4.*.