CVE-2021-22678

Published: Apr 23, 2021Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Cscape (All versions prior to 9.90 SP4) lacks proper validation of user-supplied data when parsing project files. This could lead to memory corruption. An attacker could leverage this vulnerability to execute code in the context of the current process.

Affected (5)

Products: Hornerautomation: Cscape

Hornerautomation

1 product

Cscape

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Hornerautomation Cscape	Before 9.90
Hornerautomation Cscape	Version 9.90
Hornerautomation Cscape	Version 9.90 sp1
Hornerautomation Cscape	Version 9.90 sp2
Hornerautomation Cscape	Version 9.90 sp3

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://us-cert.cisa.gov/ics/advisories/icsa-21-112-01

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

https://us-cert.cisa.gov/ics/advisories/icsa-21-112-01

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.