Horner Automation Cscape

🗓️ 31 May 2023 20:26:29Reported by Industrial Control Systems Cyber Emergency Response TeamType

ics🔗 www.cisa.gov👁 42 Views

Horner Automation Cscape, Cscape EnvisionRV affected by stack-based buffer overflow, out-of-bounds read vulnerabilities. Successful exploitation can disclose information and execute arbitrary code.

Reporter	Title	Published	Views	Family All 99
BDU FSTEC	The vulnerability of the Horner Automation Cscape EnvisionRV remote controller access software and the Cscape software arises from buffer overflow in the stack, allowing an attacker to execute arbitrary code.	24 May 202300:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the Horner Automation Cscape EnvisionRV remote control access software and the Cscape software arises from reading beyond the buffer in the FontManager system’s control module. This allows an attacker to execute arbitrary code.	26 May 202300:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the Horner Automation Cscape EnvisionRV remote control access software and the Cscape software arises from reading beyond the buffer in memory, allowing an attacker to execute arbitrary code.	26 May 202300:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the Horner Automation Cscape EnvisionRV remote control access software and the Cscape software lies in the fact that the operation output goes beyond the buffer in memory, allowing an attacker to execute arbitrary code.	26 May 202300:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the Horner Automation Cscape EnvisionRV remote control access software and the Cscape configuration software lies in their inability to access an uninitialized pointer, allowing attackers to execute arbitrary code.	26 May 202300:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the Horner Automation Cscape EnvisionRV remote controller access software and the Cscape software, related to memory usage after it is released, allows a hacker to execute arbitrary code.	31 May 202300:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the Horner Automation Cscape EnvisionRV remote control access software and the Cscape software, related to reading beyond the buffer in memory, allows a attacker to execute arbitrary code.	31 May 202300:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the Horner Automation Cscape EnvisionRV remote control access software and the Cscape software lies in the fact that the output operations go beyond the buffer in memory, allowing an attacker to execute arbitrary code.	31 May 202300:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the Horner Automation Cscape EnvisionRV remote control access software and the Cscape software lies in the fact that the output operations go beyond the buffer in memory, allowing an attacker to execute arbitrary code.	31 May 202300:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the Horner Automation Cscape EnvisionRV remote control access software and the Cscape software, related to reading data beyond the buffer in memory, allows a attacker to execute arbitrary code.	31 May 202300:00	–	bdu_fstec

Source	Link
raw	www.raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2023/icsa-23-143-04.json
cisa	www.cisa.gov/news-events/ics-advisories/icsa-23-143-04
us-cert	www.us-cert.cisa.gov/ics/Recommended-Practices
cisa	www.cisa.gov/ics
cisa	www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf
cisa	www.cisa.gov/uscert/ncas/tips/ST04-014

31 May 2023 20:26Current

8.4High risk

Vulners AI Score8.4

CVSS 3.17.8

EPSS0.00094

SSVC