Hornerautomation

Cscape

31 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8

CVE-2023-32539

  • EPSS 0.04%
  • Veröffentlicht 06.06.2023 16:15:10
  • Zuletzt bearbeitet 21.11.2024 08:03:33

Horner Automation Cscape lacks proper validation of user-supplied data when parsing project files (e.g., HMI). This could lead to an out-of-bounds write at CScape_EnvisionRV+0x2e3c04. An attacker could leverage this vulnerability to potentially execu...

7.8

CVE-2023-32289

  • EPSS 0.06%
  • Veröffentlicht 06.06.2023 16:15:10
  • Zuletzt bearbeitet 21.11.2024 08:03:02

The affected application lacks proper validation of user-supplied data when parsing project files (e.g.., CSP). This could lead to an out-of-bounds read in IO_CFG. An attacker could leverage this vulnerability to execute arbitrary code in ...

7.8

CVE-2023-32281

  • EPSS 0.06%
  • Veröffentlicht 06.06.2023 16:15:09
  • Zuletzt bearbeitet 21.11.2024 08:03:02

The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). This could lead to an out-of-bounds read in the FontManager. An attacker could leverage this vulnerability to execute arbitrary co...

7.8

CVE-2023-32545

  • EPSS 0.06%
  • Veröffentlicht 06.06.2023 15:15:09
  • Zuletzt bearbeitet 21.11.2024 08:03:34

The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). This could lead to an out-of-bounds read in Cscape!CANPortMigration. An attacker could leverage this vulnerability to execute ...

7.8

CVE-2022-3377

  • EPSS 0.08%
  • Veröffentlicht 15.11.2022 21:15:37
  • Zuletzt bearbeitet 21.11.2024 07:19:24

Horner Automation's Cscape version 9.90 SP 6 and prior does not properly validate user-supplied data. If a user opens a maliciously formed FNT file, then an attacker could execute arbitrary code within the current process by accessing an uninitialize...

7.8

CVE-2022-3379

  • EPSS 0.1%
  • Veröffentlicht 27.10.2022 23:15:11
  • Zuletzt bearbeitet 21.11.2024 07:19:24

Horner Automation's Cscape version 9.90 SP7 and prior does not properly validate user-supplied data. If a user opens a maliciously formed FNT file, then an attacker could execute arbitrary code within the current process by writing outside the memor...

7.8

CVE-2022-3378

  • EPSS 0.05%
  • Veröffentlicht 27.10.2022 23:15:10
  • Zuletzt bearbeitet 21.11.2024 07:19:24

Horner Automation's Cscape version 9.90 SP 7 and prior does not properly validate user-supplied data. If a user opens a maliciously formed FNT file, then an attacker could execute arbitrary code within the current process by accessing an uninitializ...

7.8

CVE-2022-30540

  • EPSS 0.48%
  • Veröffentlicht 02.06.2022 14:15:53
  • Zuletzt bearbeitet 21.11.2024 07:02:54

The affected product is vulnerable to a heap-based buffer overflow via uninitialized pointer, which may allow an attacker to execute arbitrary code

7.8

CVE-2022-29488

  • EPSS 0.29%
  • Veröffentlicht 02.06.2022 14:15:48
  • Zuletzt bearbeitet 21.11.2024 06:59:10

The affected product is vulnerable to an out-of-bounds read via uninitialized pointer, which may allow an attacker to execute arbitrary code.

7.8

CVE-2022-28690

  • EPSS 0.29%
  • Veröffentlicht 02.06.2022 14:15:45
  • Zuletzt bearbeitet 21.11.2024 06:57:45

The affected product is vulnerable to an out-of-bounds write via uninitialized pointer, which may allow an attacker to execute arbitrary code.