CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 0CVE-2023-7206 – Horner Automation Cscape Stack-Based Buffer Overflow
https://notcve.org/view.php?id=CVE-2023-7206
15 Jan 2024 — In Horner Automation Cscape versions 9.90 SP10 and prior, local attackers are able to exploit this vulnerability if a user opens a malicious CSP file, which would result in execution of arbitrary code on affected installations of Cscape. En las versiones 9.90 SP10 y anteriores de Horner Automation Cscape, los atacantes locales pueden aprovechar esta vulnerabilidad si un usuario abre un archivo CSP malicioso, lo que resultaría en la ejecución de código arbitrario en las instalaciones afectadas de Cscape. • https://hornerautomation.com/cscape-software • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-28653
https://notcve.org/view.php?id=CVE-2023-28653
06 Jun 2023 — The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). This could lead to a use-after-free vulnerability. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-04 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-27916
https://notcve.org/view.php?id=CVE-2023-27916
06 Jun 2023 — The affected application lacks proper validation of user-supplied data when parsing font files (e.g., FNT). This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to potentially execute arbitrary code in the context of the current process. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-04 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-29503
https://notcve.org/view.php?id=CVE-2023-29503
06 Jun 2023 — The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). This could lead to a stack-based buffer overflow. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-04 • CWE-121: Stack-based Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-31244
https://notcve.org/view.php?id=CVE-2023-31244
06 Jun 2023 — The affected product does not properly validate user-supplied data. If a user opens a maliciously formed CSP file, then an attacker could execute arbitrary code within the current process by accessing an uninitialized pointer. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-04 • CWE-824: Access of Uninitialized Pointer •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-31278 – Horner Automation Cscape Out-of-bounds Read
https://notcve.org/view.php?id=CVE-2023-31278
06 Jun 2023 — The affected application lacks proper validation of user-supplied data when parsing project files (e.g., HMI). This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to potentially execute arbitrary code in the context of the current process. Horner Automation Cscape lacks proper validation of user-supplied data when parsing project files (e.g., HMI). This could lead to an out-of-bounds read. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-04 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-32203 – Horner Automation Cscape Out-of-bounds Write
https://notcve.org/view.php?id=CVE-2023-32203
06 Jun 2023 — The affected application lacks proper validation of user-supplied data when parsing project files (e.g., HMI). This could lead to an out-of-bounds write at CScape_EnvisionRV+0x2e374b. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. Horner Automation Cscape lacks proper validation of user-supplied data when parsing project files (e.g., HMI). This could lead to an out-of-bounds write at CScape_EnvisionRV+0x2e374b. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-04 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-32281
https://notcve.org/view.php?id=CVE-2023-32281
06 Jun 2023 — The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). This could lead to an out-of-bounds read in the FontManager. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-04 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-32289
https://notcve.org/view.php?id=CVE-2023-32289
06 Jun 2023 — The affected application lacks proper validation of user-supplied data when parsing project files (e.g.., CSP). This could lead to an out-of-bounds read in IO_CFG. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-04 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-32539 – Horner Automation Cscape Out-of-bounds Write
https://notcve.org/view.php?id=CVE-2023-32539
06 Jun 2023 — The affected application lacks proper validation of user-supplied data when parsing project files (e.g., HMI). This could lead to an out-of-bounds write at CScape_EnvisionRV+0x2e3c04. An attacker could leverage this vulnerability to potentially execute arbitrary code in the context of the current process. Horner Automation Cscape lacks proper validation of user-supplied data when parsing project files (e.g., HMI). This could lead to an out-of-bounds write at CScape_EnvisionRV+0x2e3c04. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-04 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •