Lucene search

IcscertCVELIST:CVE-2023-7206

HistoryJan 15, 2024 - 10:22 p.m.

CVE-2023-7206 Horner Automation Cscape Stack-Based Buffer Overflow

2024-01-1522:22:01

CWE-121

icscert

www.cve.org

horner automation

cscape

stack-based buffer overflow

cve-2023-7206

vulnerability

local attackers

csp file

arbitrary code

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

21.2%

JSON

In Horner Automation Cscape versions 9.90 SP10 and prior, local attackers are able to exploit this vulnerability if a user opens a malicious CSP file, which would result in execution of arbitrary code on affected installations of Cscape.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Cscape",
    "vendor": "Horner Automation",
    "versions": [
      {
        "lessThanOrEqual": "9.90 SP10",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

hornerautomation.com/cscape-software/

www.cisa.gov/news-events/ics-advisories/icsa-24-011-04

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

21.2%

JSON

Related for CVELIST:CVE-2023-7206