8.4
CVE-2026-12897
- EPSS 0.13%
- Veröffentlicht 25.06.2026 17:47:57
- Zuletzt bearbeitet 25.06.2026 20:16:20
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
Out-of-bounds read in Horner Automation Cscape
Horner Automation Cscape versions prior to 10.2 SP3 are vulnerable to an Out-of-Bounds Read vulnerability through parsing CSP files. Successful exploitation of this vulnerability could allow an attacker to disclose information and execute arbitrary code.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerHorner Automation
≫
Produkt
Cscape
Default Statusunaffected
Version
0
Version <
10.2 SP3
Status
affected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.13% | 0.032 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| ics-cert@hq.dhs.gov | 8.4 | 0 | 0 |
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-125 Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.
https://www.cisa.gov/news-events/ics-advisories/icsa-26-176-03