Vulnerability Details CVE-2023-32289
The affected application lacks proper validation of user-supplied data when parsing project files (e.g.., CSP). This could lead to an out-of-bounds read in IO_CFG. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 17.4%
CVSS Severity
CVSS v3 Score 7.8
References
Products affected by CVE-2023-32289
-
cpe:2.3:a:hornerautomation:cscape:9.90
-
cpe:2.3:a:hornerautomation:cscape_envisionrv:4.70