CVE-2021-32995

Published: Aug 25, 2021Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Cscape (All Versions prior to 9.90 SP5) lacks proper validation of user-supplied data when parsing project files. This could lead to an out-of-bounds write. An attacker could leverage this vulnerability to execute code in the context of the current process.

Affected (6)

Products: Hornerautomation: Cscape

Hornerautomation

1 product

Cscape

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Hornerautomation Cscape	Before 9.90
Hornerautomation Cscape	Version 9.90
Hornerautomation Cscape	Version 9.90 sp1
Hornerautomation Cscape	Version 9.90 sp2
Hornerautomation Cscape	Version 9.90 sp3
Hornerautomation Cscape	Version 9.90 sp4

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://us-cert.cisa.gov/ics/advisories/icsa-21-224-02

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

https://us-cert.cisa.gov/ics/advisories/icsa-21-224-02

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.