The NCCIC has published an advisory on a buffer overflow vulnerability in enteliBUS Controllers. Multiple products and versions of these products are affected. Successful exploitation of this vulnerability could allow an attacker on the same network to gain complete control of the device’s operating system and allow remote code execution. Delta Controls recommends users upgrade from enteliBUS 3.40 firmware to Version 3.40 R6 build 612850. Additionally, Delta Controls states it is important buildings are updated to the 3.40 R6 release to mitigate risk. The NCCIC also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.