CVE-2023-0621

7.8 HIGH

Key Information:

Vendor
CVE Published: 9 March 2023

What is CVE-2023-0621?

Cscape Envision RV version 4.60 is vulnerable to an out-of-bounds read when parsing HMI project files. The flaw results from inadequate validation of user-supplied data, which can cause the parser to read past the end of an allocated buffer. An attacker who exploits this vulnerability may be able to execute arbitrary code in the context of the current process. Organizations using this software should consider mitigating measures to protect sensitive data and system integrity.

Affected Version(s)

Cscape Envision RV 4.60

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
