Horner Automation Cscape

🗓️ 04 Oct 2022 06:00:00Reported by Industrial Control Systems Cyber Emergency Response TeamType

ics🔗 www.cisa.gov👁 27 Views

Vulnerabilities in Horner Automation Cscape version 9.90 SP 6 and prior, 9.90 SP 7 and prior (CVE-2022-3379 and CVE-2022-3378) allow local attackers to execute arbitrary code. Update to Cscape version 9.90 SP8 for mitigation.

Reporter	Title	Published	Views	Family All 31
BDU FSTEC	The vulnerability of the Horner Automation Cscape software, related to writing beyond the buffer boundaries in memory, allows a hacker to execute arbitrary code.	26 Jun 202300:00	–	bdu_fstec
Circl	CVE-2022-3377	16 Nov 202207:51	–	circl
CNNVD	Horner Automation Cscape 缓冲区错误漏洞	4 Oct 202200:00	–	cnnvd
CNNVD	Horner Automation Cscape 缓冲区错误漏洞	4 Oct 202200:00	–	cnnvd
CNNVD	Horner Automation Cscape 缓冲区错误漏洞	4 Oct 202200:00	–	cnnvd
CVE	CVE-2022-3377	27 Oct 202222:17	–	cve
CVE	CVE-2022-3378	27 Oct 202222:13	–	cve
CVE	CVE-2022-3379	27 Oct 202222:11	–	cve
Cvelist	CVE-2022-3377	27 Oct 202222:17	–	cvelist
Cvelist	CVE-2022-3378	27 Oct 202222:13	–	cvelist

Source	Link
raw	www.raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2022/icsa-22-277-03.json
cisa	www.cisa.gov/news-events/ics-advisories/icsa-22-277-03
cisa	www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01
cisa	www.cisa.gov/resources-tools/resources/ics-recommended-practices
cisa	www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf
cisa	www.cisa.gov/topics/industrial-control-systems
cisa	www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf
cisa	www.cisa.gov/uscert/ncas/tips/ST04-014
us-cert	www.us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf
cisa	www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B

04 Oct 2022 06:00Current

8.2High risk

Vulners AI Score8.2

CVSS 3.17.8

EPSS0.00182

SSVC