The NCCIC has released an advisory on uncontrolled search path element, relative path traversal, improper privilege management, and stack-based buffer overflow vulnerabilities in Emerson DeltaV DCS Workstations. DeltaV versions 11.3.1, 12.3.1, 13.3.0, 13.3.1, and R5 are affected. Successful exploitation of these vulnerabilities could allow arbitrary code execution, malware injection, or malware to spread to other workstations. Emerson recommends users patch the affected products. The NCCIC also recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities. NCCIC/ICS-CERT.