CVE-2021-22678

Cscape (All versions prior to 9.90 SP4) lacks proper validation of user-supplied data when parsing project files. This could lead to memory corruption. An attacker could leverage this vulnerability to execute code in the context of the current process.
References
Link Resource
https://us-cert.cisa.gov/ics/advisories/icsa-21-112-01 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:hornerautomation:cscape:*:*:*:*:*:*:*:*
cpe:2.3:a:hornerautomation:cscape:9.90:-:*:*:*:*:*:*
cpe:2.3:a:hornerautomation:cscape:9.90:sp1:*:*:*:*:*:*
cpe:2.3:a:hornerautomation:cscape:9.90:sp2:*:*:*:*:*:*
cpe:2.3:a:hornerautomation:cscape:9.90:sp3:*:*:*:*:*:*

History

24 Oct 2022, 17:23

Type Values Removed Values Added
CWE CWE-20 CWE-787

Information

Published : 2021-04-23 18:15

Updated : 2024-02-04 21:47


NVD link : CVE-2021-22678

Mitre link : CVE-2021-22678

CVE.ORG link : CVE-2021-22678


JSON object : View

Products Affected

hornerautomation

  • cscape
CWE
CWE-787

Out-of-bounds Write

CWE-20

Improper Input Validation