4 matches found
CVE-2023-1049
A CWE-94: Improper Control of Generation of Code 'Code Injection' vulnerability exists that could cause execution of malicious code when an unsuspicious user loads a project file from the local filesystem into the HMI...
CVE-2021-44462
This vulnerability can be exploited by parsing maliciously crafted project files with Horner Automation Cscape EnvisionRV v4.50.3.1 and prior. The issues result from the lack of proper validation of user-supplied data, which can result in reads and writes past the end of allocated data structures...
CVE-2021-44462 Horner Automation Cscape EnvisionRV Improper Input Validation
This vulnerability can be exploited by parsing maliciously crafted project files with Horner Automation Cscape EnvisionRV v4.50.3.1 and prior. The issues result from the lack of proper validation of user-supplied data, which can result in reads and writes past the end of allocated data structures...
CVE-2021-44462
CVE-2021-44462 affects Horner Automation Cscape EnvisionRV (v4.50.3.1 and prior). The vulnerability stems from improper input validation (CWE-20), allowing reads/writes past the end of allocated data structures when parsing maliciously crafted project files. Exploitation requires user interaction...