CSP File Parsing Vulnerability Could Allow Arbitrary Code Execution
CVE-2024-12212

7.8 HIGH

Key Information:

Status
Vendor
CVE Published: 13 December 2024

What is CVE-2024-12212?

The vulnerability arises while Horner Automation's Cscape software parses Content Security Policy (CSP) files. Because user-supplied input is not adequately validated, the parser can read beyond the bounds of allocated memory. This flaw can be leveraged to execute arbitrary code on systems running affected Cscape versions. Organizations using these products should assess their exposure and apply mitigations promptly.

Affected Version(s)

Cscape 0 through 10.0.363.1 (inclusive)

References

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

Credit

Michael Heinzl reported these vulnerabilities to CISA.