An important security patch has been released for the Energy Client software after researchers disclosed a critical vulnerability that could allow remote code execution and unauthorized control of systems running the client. The vendor issued an update (version 4.2.1) that fixes improper input validation in the client’s network protocol handling module, which previously allowed specially crafted packets to trigger buffer overflows.
Energy Client Patched