Lucene search

IcscertCVELIST:CVE-2022-3378

HistoryOct 27, 2022 - 10:13 p.m.

CVE-2022-3378

2022-10-2722:13:41

CWE-824

icscert

www.cve.org

horner automation

cscape

version 9.90

sp 7

user-supplied data

malicious fnt file

arbitrary code execution

uninitialized pointer

out-of-bounds memory write

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

26.2%

JSON

Horner Automation’s Cscape version 9.90 SP 7 and prior does not properly validate user-supplied data. If a user opens a maliciously formed FNT file, then an attacker could execute arbitrary code within the current process by accessing an uninitialized pointer, leading to an out-of-bounds memory write.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Cscape",
    "vendor": "Horner Automation",
    "versions": [
      {
        "lessThanOrEqual": "9.90",
        "status": "affected",
        "version": "0",
        "versionType": "SP 7"
      }
    ]
  }
]

References

www.cisa.gov/uscert/ics/advisories/icsa-22-277-03

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

26.2%

JSON

Related for CVELIST:CVE-2022-3378