CVE-2021-44462

This vulnerability can be exploited by parsing maliciously crafted project files with Horner Automation Cscape EnvisionRV v4.50.3.1 and prior. The issues result from the lack of proper validation of user-supplied data, which can result in reads and writes past the end of allocated data structures. User interaction is required to exploit this vulnerability as an attacker must trick a valid user to open a malicious HMI project file.
References
Link Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-02 Mitigation Patch Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

cpe:2.3:a:hornerautomation:cscape_envisionrv:*:*:*:*:*:*:*:*

History

04 Apr 2022, 15:38

Type Values Removed Values Added
References (CONFIRM) https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-02 - (CONFIRM) https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-02 - Mitigation, Patch, Third Party Advisory, US Government Resource
CVSS v2 : unknown
v3 : unknown
v2 : 5.8
v3 : 7.1
CWE CWE-20
CPE cpe:2.3:a:hornerautomation:cscape_envisionrv:*:*:*:*:*:*:*:*

25 Mar 2022, 19:44

Type Values Removed Values Added
New CVE

Information

Published : 2022-03-25 19:15

Updated : 2024-02-04 22:29


NVD link : CVE-2021-44462

Mitre link : CVE-2021-44462

CVE.ORG link : CVE-2021-44462


JSON object : View

Products Affected

hornerautomation

  • cscape_envisionrv
CWE
CWE-20

Improper Input Validation