CVE-2023-0622
CVE-2023-0622

7.8HIGH

Key Information:

Vendor: Horner Automation
Status: Cscape Envision Rv
Vendor: CVE Published:; 9 March 2023

🔔 Create Horner Automation Vulnerability Alert

What is CVE-2023-0622?

Cscape Envision RV version 4.60 is prone to an out-of-bounds write vulnerability due to inadequate validation of user input when processing HMI project files. This security flaw allows attackers to write beyond the allocated memory boundaries, potentially leading to arbitrary code execution within the application's context. Proper security measures should be implemented to mitigate the risks associated with this vulnerability.

Affected Version(s)

Cscape Envision RV 4.60

References

https://www.cisa.gov/news-events/ics-advisories/icsa-23-0...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 9, 2023
Vulnerability Reserved
Feb 1, 2023

CVE-2023-0622 Data

JSON