Out-of-Bounds Read Vulnerability in Horner Automation Cscape Software
CVE-2026-12897

8.4HIGH

Key Information:

Vendor: Horner Automation
Status: Cscape
Vendor: CVE Published:; 25 June 2026

🔔 Create Horner Automation Vulnerability Alert

What is CVE-2026-12897?

Horner Automation Cscape software is susceptible to an Out-of-Bounds Read vulnerability due to improper handling of CSP file parsing. This flaw allows potential attackers to access sensitive information and could lead to unauthorized execution of arbitrary code. Users of Cscape versions prior to 10.2 SP3 are strongly advised to upgrade their software to mitigate the risks associated with this vulnerability.

Affected Version(s)

Cscape 0 < 10.2 SP3

References

https://www.cisa.gov/news-events/ics-advisories/icsa-26-1...

government-resource

CVSS V4

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 25, 2026
Vulnerability Reserved
Jun 22, 2026

Credit

Michael Heinzl reported this vulnerability to CISA.

CVE-2026-12897 Data

JSON