The vulnerability of the Horner Automation Cscape EnvisionRV remote control access software and the Cscape software arises from reading beyond the buffer in the FontManager system’s control module. This allows an attacker to execute arbitrary code.

🗓️ 26 May 2023 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

Horner Cscape EnvisionRV and Cscape have a FontManager buffer overread enabling code execution via a crafted CSP file.

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2023-32281	6 Jun 202320:29	–	circl
CNNVD	Horner Automation Cscape 缓冲区错误漏洞	6 Jun 202300:00	–	cnnvd
CVE	CVE-2023-32281	6 Jun 202315:15	–	cve
Cvelist	CVE-2023-32281	6 Jun 202315:15	–	cvelist
EUVD	EUVD-2023-36535	3 Oct 202520:07	–	euvd
ICS	Horner Automation Cscape	31 May 202320:26	–	ics
NVD	CVE-2023-32281	6 Jun 202316:15	–	nvd
OSV	CVE-2023-32281	6 Jun 202316:15	–	osv
Prion	Design/Logic Flaw	6 Jun 202316:15	–	prion
Positive Technologies	PT-2023-2868 · Horner Automation · Horner Automation Cscape Envisionrv	23 May 202300:00	–	ptsecurity

Vulners

Node

horner_automation_group cscape_envisionrvRange<4.80

Source	Link
cisa	www.cisa.gov/news-events/ics-advisories/icsa-23-143-04
hornerautomation	www.hornerautomation.com/cscape-software/
hornerautomation	www.hornerautomation.com/product/cscape-envision-rv/
vuldb	www.vuldb.com/
isssource	www.isssource.com/horner-automation-fixes-cscape/
web	www.web.nvd.nist.gov/view/vuln/detail

23 Oct 2023 00:00Current

7.9High risk

Vulners AI Score7.9

CVSS 27.2

CVSS 37.8

EPSS0.00062

horner automation cscape software fontmanager vulnerability buffer overread crafted CSP file arbitrary code execution