Lucene search

[email protected]CVE-2023-7206

HistoryJan 15, 2024 - 11:15 p.m.

CVE-2023-7206

2024-01-1523:15:07

CWE-787

CWE-121

[email protected]

web.nvd.nist.gov

horner automation

cscape

cve-2023-7206

vulnerability

exploit

local attacker

arbitrary code

nvd

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

21.2%

JSON

In Horner Automation Cscape versions 9.90 SP10 and prior, local attackers are able to exploit this vulnerability if a user opens a malicious CSP file, which would result in execution of arbitrary code on affected installations of Cscape.

Affected configurations

NVD

Node

hornerautomationcscapeRange<9.90

hornerautomationcscapeMatch9.90-

hornerautomationcscapeMatch9.90sp1

hornerautomationcscapeMatch9.90sp10

hornerautomationcscapeMatch9.90sp2

hornerautomationcscapeMatch9.90sp3

hornerautomationcscapeMatch9.90sp4

hornerautomationcscapeMatch9.90sp5

hornerautomationcscapeMatch9.90sp6

hornerautomationcscapeMatch9.90sp7

hornerautomationcscapeMatch9.90sp7.1

hornerautomationcscapeMatch9.90sp8

hornerautomationcscapeMatch9.90sp9

CPENameOperatorVersion
hornerautomation:cscapehornerautomation cscapelt9.90

CPE	Name	Operator	Version
hornerautomation:cscape	hornerautomation cscape	lt	9.90

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Cscape",
    "vendor": "Horner Automation",
    "versions": [
      {
        "lessThanOrEqual": "9.90 SP10",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]