Horner Automation Cscape EnvisionRV Improper Input Validation
CVE-2021-44462

7.8HIGH

Key Information:

Vendor: Horner Automation
Status: Cscape Envisionrv
Vendor: CVE Published:; 25 March 2022

🔔 Create Horner Automation Vulnerability Alert

What is CVE-2021-44462?

This vulnerability can be exploited by parsing maliciously crafted project files with Horner Automation Cscape EnvisionRV v4.50.3.1 and prior. The issues result from the lack of proper validation of user-supplied data, which can result in reads and writes past the end of allocated data structures. User interaction is required to exploit this vulnerability as an attacker must trick a valid user to open a malicious HMI project file.

Affected Version(s)

Cscape EnvisionRV <= unspecified

References

https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-02

x_refsource_CONFIRM

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 25, 2022
Vulnerability Reserved
Dec 16, 2021

Credit

Michael Heinzl reported this vulnerability to CISA.

CVE-2021-44462 Data

JSON