The NCCIC has released an advisory on deserialization of untrusted data and heap-based buffer overflow vulnerabilities in INVT Electric VT-Designer. VT-Designer 2.1.7.31 is affected; other versions could also be affected. Successful exploitation of these vulnerabilities could cause the program to crash and may allow remote code execution. INVT Electric’s mitigations for these vulnerabilities are not yet available. In the meantime, the NCCIC recommends a series of defensive measures to minimize the risk of exploitation of these vulnerabilities. NCCIC/ICS-CERT.