CVE-2023-31244

Name of the Vulnerable Software and Affected Versions Horner Automation Cscape EnvisionRV (affected versions not specified) Cscape (affected versions not specified)

Description The issue is related to accessing an uninitialized pointer, which can be exploited by opening a specially crafted CSP file. This could allow an attacker to execute arbitrary code within the current process. The affected product does not properly validate user-supplied data.

Recommendations For Horner Automation Cscape EnvisionRV, avoid using the CSP file feature until a fix is available. For Cscape, restrict access to CSP files to minimize the risk of exploitation. As a temporary workaround, consider disabling the CSP file opening functionality in both products until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.