Use-After-Free Vulnerability in Project File Parsing by Affected Vendor
CVE-2023-28653

7.8HIGH

Key Information:

Vendor: Horner Automation
Status: Cscape; Cscape EnvisionRV
Vendor: CVE Published:; 6 June 2023

🔔 Create Horner Automation Vulnerability Alert

What is CVE-2023-28653?

The affected product fails to correctly validate user-supplied data when processing project files, leading to a potentially exploitable use-after-free vulnerability. An attacker could exploit this flaw to execute arbitrary code within the context of the process, posing a significant threat to system integrity and security.

Affected Version(s)

Cscape v9.90 SP8

Cscape EnvisionRV v4.70

References

https://www.cisa.gov/news-events/ics-advisories/icsa-23-1...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 6, 2023
Vulnerability Reserved
May 9, 2023

Credit

Michael Heinzl reported these vulnerabilities to CISA.

CVE-2023-28653 Data

JSON