5836 matches found
CVE-2023-27916
CVE-2023-27916 affects Horner Automation Cscape and Cscape EnvisionRV. It is caused by improper validation of user-supplied data when parsing font files (e.g., FNT), which can lead to an out-of-bounds read and potentially allow arbitrary code execution in the current process. Mitigations from CIS...
CVE-2023-29503
The affected application lacks proper validation of user-supplied data when parsing project files e.g., CSP. This could lead to a stack-based buffer overflow. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process...
CVE-2023-31244
The affected product does not properly validate user-supplied data. If a user opens a maliciously formed CSP file, then an attacker could execute arbitrary code within the current process by accessing an uninitialized pointer...
CVE-2023-31278
CVE-2023-31278 affects Horner Automation’s Cscape/Cscape EnvisionRV where parsing project files (e.g., HMI) can fail to validate user-supplied data, causing an out-of-bounds read that could enable arbitrary code execution in the current process. The NVD entry notes a base score of 7.8 (HIGH) with...
CVE-2023-31278 Horner Automation Cscape Out-of-bounds Read
Horner Automation Cscape lacks proper validation of user-supplied data when parsing project files e.g., HMI. This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to potentially execute arbitrary code in the context of the current process...
CVE-2023-32203 Horner Automation Cscape Out-of-bounds Write
Horner Automation Cscape lacks proper validation of user-supplied data when parsing project files e.g., HMI. This could lead to an out-of-bounds write at CScapeEnvisionRV+0x2e374b. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process...
CVE-2023-32203
CVE-2023-32203 affects Horner Automation Cscape and EnvisionRV. The vulnerability stems from improper validation of user-supplied data when parsing project files (e.g., CSP/HMI), leading to an out-of-bounds write (CScape_EnvisionRV+0x2e374b) that could allow arbitrary code execution in the curren...
CVE-2023-32289
The affected application lacks proper validation of user-supplied data when parsing project files e.g.., CSP. This could lead to an out-of-bounds read in IOCFG. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process...
CVE-2023-32289
The affected application lacks proper validation of user-supplied data when parsing project files e.g.., CSP. This could lead to an out-of-bounds read in IOCFG. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process...
Design/Logic Flaw
The affected application lacks proper validation of user-supplied data when parsing project files e.g., CSP. This could lead to an out-of-bounds read in the FontManager. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process...
Type confusion
The affected application lacks proper validation of user-supplied data when parsing project files e.g., HMI. This could lead to an out-of-bounds write at CScapeEnvisionRV+0x2e3c04. An attacker could leverage this vulnerability to potentially execute arbitrary code in the context of the current...
Design/Logic Flaw
The affected application lacks proper validation of user-supplied data when parsing project files e.g.., CSP. This could lead to an out-of-bounds read in IOCFG. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process...
CVE-2023-32281
The affected application lacks proper validation of user-supplied data when parsing project files e.g., CSP. This could lead to an out-of-bounds read in the FontManager. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process...
CVE-2023-32281
CVE-2023-32281 corresponds to a vulnerability in Horner Automation software where parsing CSP project files can trigger an out-of-bounds read in the FontManager, potentially allowing arbitrary code execution in the affected process. The issue is tied to improper validation of user-supplied data d...
CVE-2023-32545
The affected application lacks proper validation of user-supplied data when parsing project files e.g., CSP. This could lead to an out-of-bounds read in Cscape!CANPortMigration. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process...
Design/Logic Flaw
The affected application lacks proper validation of user-supplied data when parsing project files e.g., CSP. This could lead to an out-of-bounds read in Cscape!CANPortMigration. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process...
CVE-2023-32289
The affected application lacks proper validation of user-supplied data when parsing project files e.g.., CSP. This could lead to an out-of-bounds read in IOCFG. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process...
CVE-2023-32289
The CVE-2023-32289 entry describes a vulnerability in Horner Automation Cscape and Cscape EnvisionRV where improper validation of user-supplied data when parsing project files (e.g., CSP) can cause an out-of-bounds read in IO_CFG, potentially enabling arbitrary code execution in the current proce...
CVE-2023-32539
CVE-2023-32539 affects Horner Automation Cscape (Cscape v9.90 SP8 and Cscape EnvisionRV v4.70) with an out-of-bounds write caused by improper validation of user-supplied data when parsing project files (e.g., HMI). The available connected sources describe a stack-based/out-of-bounds write that co...
CVE-2023-32539 Horner Automation Cscape Out-of-bounds Write
Horner Automation Cscape lacks proper validation of user-supplied data when parsing project files e.g., HMI. This could lead to an out-of-bounds write at CScapeEnvisionRV+0x2e3c04. An attacker could leverage this vulnerability to potentially execute arbitrary code in the context of the current...