PT-2024-15230 · Horner Automation · Cscape
Michael Heinzl · Published 2024-01-15 · Updated 2024-01-23
CVE-2023-7206
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Horner Automation Cscape versions 9.90 SP10 and prior
Description
Opening a malicious CSP file in an affected installation results in the execution of arbitrary code. Exploitation is local and requires user interaction (AV:L and UI:R in the CVSS vector).
Recommendations
For versions 9.90 SP10 and prior, avoid opening malicious CSP files until a patch is available.
As a temporary workaround, consider restricting the opening of CSP files from untrusted sources to minimize the risk of exploitation.
Fix
Memory Corruption
Stack Overflow
Affected Products
Cscape