CVE-2023-28653
https://notcve.org/view.php?id=CVE-2023-28653
06 Jun 2023 — The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). This could lead to a use-after-free vulnerability. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-04 • CWE-416: Use After Free
CVE-2023-27916
https://notcve.org/view.php?id=CVE-2023-27916
06 Jun 2023 — The affected application lacks proper validation of user-supplied data when parsing font files (e.g., FNT). This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to potentially execute arbitrary code in the context of the current process. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-04 • CWE-125: Out-of-bounds Read
CVE-2023-29503
https://notcve.org/view.php?id=CVE-2023-29503
06 Jun 2023 — The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). This could lead to a stack-based buffer overflow. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-04 • CWE-121: Stack-based Buffer Overflow
CVE-2023-31244
https://notcve.org/view.php?id=CVE-2023-31244
06 Jun 2023 — The affected product does not properly validate user-supplied data. If a user opens a maliciously formed CSP file, then an attacker could execute arbitrary code within the current process by accessing an uninitialized pointer. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-04 • CWE-824: Access of Uninitialized Pointer
CVE-2023-31278 – Horner Automation Cscape Out-of-bounds Read
https://notcve.org/view.php?id=CVE-2023-31278
06 Jun 2023 — The affected application lacks proper validation of user-supplied data when parsing project files (e.g., HMI). This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to potentially execute arbitrary code in the context of the current process. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-04 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-125: Out-of-bounds Read
CVE-2023-32203 – Horner Automation Cscape Out-of-bounds Write
https://notcve.org/view.php?id=CVE-2023-32203
06 Jun 2023 — The affected application lacks proper validation of user-supplied data when parsing project files (e.g., HMI). This could lead to an out-of-bounds write at CScape_EnvisionRV+0x2e374b. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-04 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-787: Out-of-bounds Write
CVE-2023-32281
https://notcve.org/view.php?id=CVE-2023-32281
06 Jun 2023 — The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). This could lead to an out-of-bounds read in the FontManager. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-04 • CWE-125: Out-of-bounds Read
CVE-2023-32289
https://notcve.org/view.php?id=CVE-2023-32289
06 Jun 2023 — The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). This could lead to an out-of-bounds read in IO_CFG. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-04 • CWE-125: Out-of-bounds Read
CVE-2023-32539 – Horner Automation Cscape Out-of-bounds Write
https://notcve.org/view.php?id=CVE-2023-32539
06 Jun 2023 — The affected application lacks proper validation of user-supplied data when parsing project files (e.g., HMI). This could lead to an out-of-bounds write at CScape_EnvisionRV+0x2e3c04. An attacker could leverage this vulnerability to potentially execute arbitrary code in the context of the current process. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-04 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-787: Out-of-bounds Write
CVE-2023-32545
https://notcve.org/view.php?id=CVE-2023-32545
06 Jun 2023 — The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). This could lead to an out-of-bounds read in Cscape!CANPortMigration. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-143-04 • CWE-125: Out-of-bounds Read