CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-3377

Horner Automation's Cscape version 9.90 SP 6 and prior does not properly validate user-supplied data. If a user opens a maliciously formed FNT file, then an attacker could execute arbitrary code within the current process by accessing an uninitialized pointer, leading to an out-of-bounds memory read.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 26.3%

CVSS Severity

CVSS v3 Score 7.8

References

https://www.cisa.gov/uscert/ics/advisories/icsa-22-277-03
https://www.cisa.gov/uscert/ics/advisories/icsa-22-277-03

Products affected by CVE-2022-3377

Hornerautomation » Cscape » Version: 9.70

cpe:2.3:a:hornerautomation:cscape:9.70
Hornerautomation » Cscape » Version: 9.80

cpe:2.3:a:hornerautomation:cscape:9.80
Hornerautomation » Cscape » Version: 9.80.75.3

cpe:2.3:a:hornerautomation:cscape:9.80.75.3
Hornerautomation » Cscape » Version: 9.90

cpe:2.3:a:hornerautomation:cscape:9.90

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-3377

Products

Pricing

Contact Us