HPCsec have identified a vulnerability in PBS Pro which allows for arbitrary code execution on any node running the pbs_mom service. This vulnerability can be exploited by anyone in a position to communicate with the pbs_mom service from an authorized node within the cluster. Exploitation of this issue allows for arbitrary code execution as any other user including as root, even in installations where root is not permitted to submit jobs.
Good security is about dissecting something in order to understand how it works and then looking for ways to manipulate in order to facilitate unintended functionality. As long as that principle exists security can apply within any environment.