PT-2022-4544 · Horner Automation · Cscape Envision Rv

Michael Heinzl · Published 2022-03-25 · Updated 2022-04-04 · CVE-2021-44462

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Horner Automation Cscape EnvisionRV versions 4.50.3.1 and prior

Description

The issue results from a lack of proper validation of user-supplied data when parsing project files. A maliciously crafted project file can cause reads and writes past the end of allocated data structures. User interaction is required to exploit this issue, as an attacker must trick a valid user into opening a malicious HMI project file. Exploitation can impact the confidentiality, integrity, and availability of protected information.

Recommendations

For versions 4.50.3.1 and prior, consider avoiding the use of user-supplied data in project files until a patch is available. As a temporary workaround, restrict the opening of HMI project files from untrusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

RCE

Weakness Enumeration

Related Identifiers

BDU:2022-05415
CVE-2021-44462

Affected Products

Cscape Envision Rv