User Data Validation Flaw in Product by Vendor
CVE-2023-31244

7.8HIGH

Key Information:

Vendor: Horner Automation
Status: Cscape; Cscape EnvisionRV
Vendor: CVE Published:; 6 June 2023

🔔 Create Horner Automation Vulnerability Alert

What is CVE-2023-31244?

The affected product exhibits a flaw in validating user-supplied data, specifically when handling maliciously crafted Content Security Policy (CSP) files. This weakness allows an attacker to exploit an uninitialized pointer, leading to arbitrary code execution within the context of the current process. Users are urged to remain vigilant and apply patches to mitigate potential risks associated with this vulnerability. Further details and guidance can be found in the advisory issued by CISA.

Affected Version(s)

Cscape v9.90 SP8

Cscape EnvisionRV v4.70

References

https://www.cisa.gov/news-events/ics-advisories/icsa-23-1...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 6, 2023
Vulnerability Reserved
May 9, 2023

Credit

Michael Heinzl reported these vulnerabilities to CISA.

CVE-2023-31244 Data

JSON