Hornerautomation Cscape — known CVE vulnerabilities
Every CVE whose affected-product data names Hornerautomation Cscape, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (28)
CVE-2018-19005 — CVSS 7.8 (high): Cscape, Version 9.80.75.3 SP3 and prior. An improper input validation vulnerability has been identified that may be exploited by processing…
CVE-2019-13541 — CVSS 7.8 (high): In Horner Automation Cscape 9.90 and prior, an improper input validation vulnerability has been identified that may be exploited by…
CVE-2019-13545 — CVSS 7.8 (high): In Horner Automation Cscape 9.90 and prior, improper validation of data may cause the system to write outside the intended buffer area…
CVE-2019-6555 — CVSS 7.8 (high): Cscape, 9.80 SP4 and prior. An improper input validation vulnerability may be exploited by processing specially crafted POC files. This may…
CVE-2021-22663 — CVSS 7.8 (high): Cscape (All versions prior to 9.90 SP3.5) lacks proper validation of user-supplied data when parsing project files. This could lead to an…
CVE-2021-22678 — CVSS 7.8 (high): Cscape (All versions prior to 9.90 SP4) lacks proper validation of user-supplied data when parsing project files. This could lead to memory…
CVE-2021-22682 — CVSS 7.8 (high): Cscape (All versions prior to 9.90 SP4) is configured by default to be installed for all users, which allows full permissions, including…
CVE-2021-32975 — CVSS 7.8 (high): Cscape (All Versions prior to 9.90 SP5) lacks proper validation of user-supplied data when parsing project files. This could lead to an…
CVE-2021-32995 — CVSS 7.8 (high): Cscape (All Versions prior to 9.90 SP5) lacks proper validation of user-supplied data when parsing project files. This could lead to an…
CVE-2021-33015 — CVSS 7.8 (high): Cscape (All Versions prior to 9.90 SP5) lacks proper validation of user-supplied data when parsing project files. This could lead to an…
CVE-2022-27184 — CVSS 7.8 (high): The affected product is vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code.
CVE-2022-28690 — CVSS 7.8 (high): The affected product is vulnerable to an out-of-bounds write via uninitialized pointer, which may allow an attacker to execute arbitrary…
CVE-2022-29488 — CVSS 7.8 (high): The affected product is vulnerable to an out-of-bounds read via uninitialized pointer, which may allow an attacker to execute arbitrary…
CVE-2022-30540 — CVSS 7.8 (high): The affected product is vulnerable to a heap-based buffer overflow via uninitialized pointer, which may allow an attacker to execute…
CVE-2022-3377 — CVSS 7.8 (high): Horner Automation's Cscape version 9.90 SP 6 and prior does not properly validate user-supplied data. If a user opens a maliciously formed…
CVE-2022-3378 — CVSS 7.8 (high): Horner Automation's Cscape version 9.90 SP 7 and prior does not properly validate user-supplied data. If a user opens a maliciously formed…
CVE-2022-3379 — CVSS 7.8 (high): Horner Automation's Cscape version 9.90 SP7 and prior does not properly validate user-supplied data. If a user opens a maliciously formed…
CVE-2023-27916 — CVSS 7.8 (high): The affected application lacks proper validation of user-supplied data when parsing font files (e.g., FNT). This could lead to an…
CVE-2023-28653 — CVSS 7.8 (high): The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). This could lead to a…
CVE-2023-29503 — CVSS 7.8 (high): The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). This could lead to a…
CVE-2023-31244 — CVSS 7.8 (high): The affected product does not properly validate user-supplied data. If a user opens a maliciously formed CSP file, then an attacker could…
CVE-2023-31278 — CVSS 7.8 (high): Horner Automation Cscape lacks proper validation of user-supplied data when parsing project files (e.g., HMI). This could lead to an…
CVE-2023-32203 — CVSS 7.8 (high): Horner Automation Cscape lacks proper validation of user-supplied data when parsing project files (e.g., HMI). This could lead to an…
CVE-2023-32281 — CVSS 7.8 (high): The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). This could lead to an…
CVE-2023-32289 — CVSS 7.8 (high): The affected application lacks proper validation of user-supplied data when parsing project files (e.g.., CSP). This could lead to an…
CVE-2023-32539 — CVSS 7.8 (high): Horner Automation Cscape lacks proper validation of user-supplied data when parsing project files (e.g., HMI). This could lead to an…
CVE-2023-32545 — CVSS 7.8 (high): The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). This could lead to an…
CVE-2023-7206 — CVSS 7.8 (high): In Horner Automation Cscape versions 9.90 SP10 and prior, local attackers are able to exploit this vulnerability if a user opens a…