CVE-2023-32203

2023-06-0617:15:15

CWE-119

CWE-787

[email protected]

web.nvd.nist.gov

cve-2023-32203

data validation

arbitrary code execution

out-of-bounds write

nvd

hmi

cscape_envisionrv

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

21.0%

JSON

The affected application lacks proper validation of user-supplied data when parsing project files (e.g., HMI). This could lead to an out-of-bounds write at CScape_EnvisionRV+0x2e374b. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.

Affected configurations

NVD

Node

hornerautomationcscapeMatch9.90sp8

hornerautomationcscape_envisionrvMatch4.70

CPENameOperatorVersion
hornerautomation:cscapehornerautomation cscapeeq9.90
hornerautomation:cscape_envisionrvhornerautomation cscape envisionrveq4.70

CPE	Name	Operator	Version
hornerautomation:cscape	hornerautomation cscape	eq	9.90
hornerautomation:cscape_envisionrv	hornerautomation cscape envisionrv	eq	4.70

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Cscape",
    "vendor": "Horner Automation",
    "versions": [
      {
        "status": "affected",
        "version": "v9.90 SP8"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Cscape EnvisionRV",
    "vendor": "Horner Automation",
    "versions": [
      {
        "status": "affected",
        "version": "v4.70"
      }
    ]
  }
]