The Delta enteliBUS Manager centralizes control for various pieces of hardware often found in corporate or industrial settings. The bug exists in a controller that oversees HVAC, lighting, sensor and alarm systems, to name a few. The attack uses broadcast traffic, meaning they can launch the attack without knowing the location of the targets on the network. The vulnerability was caused by a buffer-overflow vulnerability, i.e. a mismatch in the memory sizes used to handle incoming network data.
Source: https://threatpost.com/def-con-2019-delta-ics-flaw-allows-total-industrial-takeover/147142/

