CVE-2023-0623
CVE-2023-0623

7.8HIGH

Key Information:

Vendor

Horner Automation

Status
Cscape Envision Rv
Vendor
CVE Published:
9 March 2023

What is CVE-2023-0623?

Cscape Envision RV version 4.60 contains an out-of-bounds write vulnerability. This issue arises from inadequate validation of user-supplied data when parsing HMI project files, leading to potential writes beyond the end of allocated data structures. An attacker could exploit this vulnerability to execute arbitrary code within the context of the active process, posing a significant risk to affected systems.

Affected Version(s)

Cscape Envision RV 4.60

References

https://www.cisa.gov/news-events/ics-advisories/icsa-23-0...

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.