Out-of-Bounds Read Vulnerability in Cscape by Horner Automation
CVE-2025-4098

8.4HIGH

Key Information:

Vendor: Horner Automation
Status: Cscape
Vendor: CVE Published:; 8 May 2025

🔔 Create Horner Automation Vulnerability Alert

What is CVE-2025-4098?

Cscape versions 10.0 (10.0.415.2) SP1 by Horner Automation are susceptible to an out-of-bounds read vulnerability. This flaw could allow attackers to read sensitive information from memory and potentially execute arbitrary code on compromised installations. Organizations using the affected software should take immediate measures to mitigate risks associated with this vulnerability.

Affected Version(s)

Cscape 10.0 (10.0.415.2) SP1

References

https://www.cisa.gov/news-events/ics-advisories/icsa-25-1...

government-resource

CVSS V4

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 8, 2025
Vulnerability Reserved
Apr 29, 2025

Credit

Michael Heinzl

CVE-2025-4098 Data

JSON