CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-22663 – Horner Automation Cscape CSP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-22663
09 Feb 2021 — Cscape (All versions prior to 9.90 SP3.5) lacks proper validation of user-supplied data when parsing project files. This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to execute code in the context of the current process. Cscape (todas las versiones anteriores a 9.90 SP3.5) carece de una comprobación apropiada de los datos suministrados por el usuario al analizar los archivos de proyecto. Esto podría conllevar a una lectura fuera de límites. • https://us-cert.cisa.gov/ics/advisories/icsa-21-035-02 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13541 – Horner Automation Cscape CSP File Parsing Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-13541
18 Oct 2019 — In Horner Automation Cscape 9.90 and prior, an improper input validation vulnerability has been identified that may be exploited by processing files lacking user input validation. This may allow an attacker to access information and remotely execute arbitrary code. En Horner Automation Cscape versión 9.90 y anteriores, se identificó una vulnerabilidad de comprobación de entrada inapropiada que puede ser explotada mediante el procesamiento de archivos que carecen de validación de entrada del usuario. Esto pu... • https://www.us-cert.gov/ics/advisories/icsa-19-290-02 • CWE-20: Improper Input Validation CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13545 – Horner Automation Cscape CSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-13545
18 Oct 2019 — In Horner Automation Cscape 9.90 and prior, improper validation of data may cause the system to write outside the intended buffer area, which may allow arbitrary code execution. En Horner Automation Cscape versión 9.90 y anteriores, la comprobación inapropiada de datos puede causar que el sistema escriba fuera del área de búfer prevista, lo que puede permitir una ejecución de código arbitraria. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Horner Automatio... • https://www.us-cert.gov/ics/advisories/icsa-19-290-02 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2019-6555 – Horner Automation Cscape CSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-6555
20 Feb 2019 — Cscape, 9.80 SP4 and prior. An improper input validation vulnerability may be exploited by processing specially crafted POC files. This may allow an attacker to read confidential information and remotely execute arbitrary code. Cscape en versiones 9.80 SP4 y anteriores. Una vulnerabilidad de validación de entradas incorrecta podría explotarse procesando archivos POC especialmente manipulados. • http://www.securityfocus.com/bid/107087 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-19005 – Horner Automation Cscape CSP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-19005
20 Dec 2018 — Cscape, Version 9.80.75.3 SP3 and prior. An improper input validation vulnerability has been identified that may be exploited by processing specially crafted POC files lacking user input validation. This may allow an attacker to read confidential information and remotely execute arbitrary code. Cscape, en versiones 9.80.75.3 SP3 y anteriores. Se ha identificado una vulnerabilidad de validación de entradas incorrecta que podría ser explotada mediante el procesamiento de archivos POC que carecen de validación... • http://www.securityfocus.com/bid/106275 • CWE-20: Improper Input Validation •