CISA has published an advisory on a heap-based buffer overflow vulnerability in Emerson OpenEnterprise SCADA Server. OpenEnterprise Server 2.83 is affected if Modbus or ROC Interfaces have been installed and are in use; all versions of OpenEnterprise 3.1 through 3.3.3 are also affected. Successful exploitation of this vulnerability could allow an attacker to execute code on an OpenEnterprise SCADA Server. Emerson recommends all users upgrade to OpenEnterprise 3.3, Service Pack 4 (3.3.4), to resolve this issue. CISA also recommends a series of measures to mitigate the vulnerability. Read the advisory at CISA.