Horner Automation Cscape Stack-Based Buffer Overflow
CVE-2023-7206
7.8 HIGH
What is CVE-2023-7206?
In affected versions of Horner Automation's Cscape software, a stack-based buffer overflow can be exploited by a local attacker who gets a user to open a specially crafted CSP file. Opening the file could lead to the execution of arbitrary code on the system. Appropriate safeguards and updates are recommended for affected installations to mitigate potential threats.
Affected Version(s)
Cscape 0 <= 9.90 SP10
References
CVSS V3.1
Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Michael Heinzl reported this vulnerability to CISA.
