When CX-Supervisor (Versions 3.42 and prior) processes project files and tampers with the value of an offset, an attacker can force the application to read a value outside of an array.
[
{
"product": "CX-Supervisor",
"vendor": "ICS-CERT",
"versions": [
{
"status": "affected",
"version": "Versions 3.42 and prior"
}
]
}
]