Hornerautomation: >> Cscape Security Vulnerabilities
The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). This could lead to an out-of-bounds read in Cscape!CANPortMigration. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.
CVSS Score
7.8
EPSS Score
0.001
Published
2023-06-06
Horner Automation's Cscape version 9.90 SP 6 and prior does not properly validate user-supplied data. If a user opens a maliciously formed FNT file, then an attacker could execute arbitrary code within the current process by accessing an uninitialized pointer, leading to an out-of-bounds memory read.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-11-15
Horner Automation's Cscape version 9.90 SP7 and prior does not properly validate user-supplied data. If a user opens a maliciously formed FNT file, then an attacker could execute arbitrary code within the current process by writing outside the memory buffer.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-10-27
Horner Automation's Cscape version 9.90 SP 7 and prior does not properly validate user-supplied data. If a user opens a maliciously formed FNT file, then an attacker could execute arbitrary code within the current process by accessing an uninitialized pointer, leading to an out-of-bounds memory write.
CVSS Score
7.8
EPSS Score
0.0
Published
2022-10-27
The affected product is vulnerable to a heap-based buffer overflow via uninitialized pointer, which may allow an attacker to execute arbitrary code
CVSS Score
7.8
EPSS Score
0.005
Published
2022-06-02
The affected product is vulnerable to an out-of-bounds read via uninitialized pointer, which may allow an attacker to execute arbitrary code.
CVSS Score
7.8
EPSS Score
0.003
Published
2022-06-02
The affected product is vulnerable to an out-of-bounds write via uninitialized pointer, which may allow an attacker to execute arbitrary code.
CVSS Score
7.8
EPSS Score
0.003
Published
2022-06-02
The affected product is vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code.
CVSS Score
7.8
EPSS Score
0.003
Published
2022-06-02
Cscape (All Versions prior to 9.90 SP5) lacks proper validation of user-supplied data when parsing project files. This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to execute code in the context of the current process.
CVSS Score
7.8
EPSS Score
0.004
Published
2021-08-25
Cscape (All Versions prior to 9.90 SP5) lacks proper validation of user-supplied data when parsing project files. This could lead to an out-of-bounds write. An attacker could leverage this vulnerability to execute code in the context of the current process.
CVSS Score
7.8
EPSS Score
0.004
Published
2021-08-25