The vulnerability — now fixed — was discovered in a cloud-based system that allows customers to remotely manage their security alarm systems.