Filtered by vendor Hornerautomation
Subscriptions
Filtered by product Cscape Envisionrv
Subscriptions
Total
11 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-32545 | 1 Hornerautomation | 2 Cscape, Cscape Envisionrv | 2024-11-21 | 7.8 High |
The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). This could lead to an out-of-bounds read in Cscape!CANPortMigration. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. | ||||
CVE-2023-32539 | 1 Hornerautomation | 2 Cscape, Cscape Envisionrv | 2024-11-21 | 7.8 High |
Horner Automation Cscape lacks proper validation of user-supplied data when parsing project files (e.g., HMI). This could lead to an out-of-bounds write at CScape_EnvisionRV+0x2e3c04. An attacker could leverage this vulnerability to potentially execute arbitrary code in the context of the current process. | ||||
CVE-2023-32289 | 1 Hornerautomation | 2 Cscape, Cscape Envisionrv | 2024-11-21 | 7.8 High |
The affected application lacks proper validation of user-supplied data when parsing project files (e.g.., CSP). This could lead to an out-of-bounds read in IO_CFG. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. | ||||
CVE-2023-32281 | 1 Hornerautomation | 2 Cscape, Cscape Envisionrv | 2024-11-21 | 7.8 High |
The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). This could lead to an out-of-bounds read in the FontManager. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. | ||||
CVE-2023-32203 | 1 Hornerautomation | 2 Cscape, Cscape Envisionrv | 2024-11-21 | 7.8 High |
Horner Automation Cscape lacks proper validation of user-supplied data when parsing project files (e.g., HMI). This could lead to an out-of-bounds write at CScape_EnvisionRV+0x2e374b. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. | ||||
CVE-2023-31278 | 1 Hornerautomation | 2 Cscape, Cscape Envisionrv | 2024-11-21 | 7.8 High |
Horner Automation Cscape lacks proper validation of user-supplied data when parsing project files (e.g., HMI). This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to potentially execute arbitrary code in the context of the current process. | ||||
CVE-2023-31244 | 1 Hornerautomation | 2 Cscape, Cscape Envisionrv | 2024-11-21 | 7.8 High |
The affected product does not properly validate user-supplied data. If a user opens a maliciously formed CSP file, then an attacker could execute arbitrary code within the current process by accessing an uninitialized pointer. | ||||
CVE-2023-29503 | 1 Hornerautomation | 2 Cscape, Cscape Envisionrv | 2024-11-21 | 7.8 High |
The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). This could lead to a stack-based buffer overflow. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. | ||||
CVE-2023-28653 | 1 Hornerautomation | 2 Cscape, Cscape Envisionrv | 2024-11-21 | 7.8 High |
The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). This could lead to a use-after-free vulnerability. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. | ||||
CVE-2023-27916 | 1 Hornerautomation | 2 Cscape, Cscape Envisionrv | 2024-11-21 | 7.8 High |
The affected application lacks proper validation of user-supplied data when parsing font files (e.g., FNT). This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to potentially execute arbitrary code in the context of the current process. | ||||
CVE-2021-44462 | 1 Hornerautomation | 1 Cscape Envisionrv | 2024-11-21 | 7.8 High |
This vulnerability can be exploited by parsing maliciously crafted project files with Horner Automation Cscape EnvisionRV v4.50.3.1 and prior. The issues result from the lack of proper validation of user-supplied data, which can result in reads and writes past the end of allocated data structures. User interaction is required to exploit this vulnerability as an attacker must trick a valid user to open a malicious HMI project file. |
Page 1 of 1.