CVE-2023-29503

Name of the Vulnerable Software and Affected Versions Cscape versions (affected versions not specified) Horner Automation Cscape EnvisionRV versions (affected versions not specified)

Description The issue is caused by a lack of proper validation of user-supplied data when parsing project files, such as CSP, leading to a stack-based buffer overflow. This could allow an attacker to execute arbitrary code in the context of the current process by opening a specially crafted CSP file.

Recommendations For Cscape, consider disabling the parsing of project files until a patch is available. For Horner Automation Cscape EnvisionRV, restrict access to specially crafted CSP files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.