The NCCIC has published an advisory on a stack-based buffer overflow vulnerability in National Renewable Energy Laboratory (NREL) Energy Plus. Version 8.6.0 and prior versions (potentially) are affected. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code or cause a denial-of-service condition. It is recommended that users update the application to the latest available release, v9.0.1, or later. The NCCIC also advises of a series of measures for mitigating the vulnerabilities. Read the advisory at CISA.