Horner Automation
Products
4- 20 CVEs
- 14 CVEs
- 3 CVEs
- 3 CVEs
Recent CVEs
27| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-2641 | Cri | 0.64 | 9.8 | 0.01 | Dec 2, 2022 | Horner Automation’s RCC 972 with firmware version 15.40 has a static encryption key on the device. This could allow an attacker to perform unauthorized changes to the device, remotely execute arbitrary code, or cause a denial-of-service condition. | ||
| CVE-2025-4098 | Hig | 0.55 | — | 0.00 | May 8, 2025 | Horner Automation Cscape version 10.0 (10.0.415.2) SP1 is vulnerable to an out-of-bounds read vulnerability that could allow an attacker to disclose information and execute arbitrary code on affected installations of Cscape. | ||
| CVE-2026-12897 | hig | 0.51 | 7.8 | 0.00 | Jun 25, 2026 | Horner Automation Cscape versions prior to 10.2 SP3 are vulnerable to an Out-of-Bounds Read vulnerability through parsing CSP files. Successful exploitation of this vulnerability could allow an attacker to disclose information and execute arbitrary code. | ||
| CVE-2024-9508 | Hig | 0.51 | 7.8 | 0.00 | Dec 13, 2024 | Horner Automation Cscape contains a memory corruption vulnerability, which could allow an attacker to disclose information and execute arbitrary code. | ||
| CVE-2024-12212 | Hig | 0.51 | 7.8 | 0.00 | Dec 13, 2024 | The vulnerability occurs in the parsing of CSP files. The issues result from the lack of proper validation of user-supplied data, which could allow reading past the end of allocated data structures, resulting in execution of arbitrary code. | ||
| CVE-2023-7206 | Hig | 0.51 | 7.8 | 0.00 | Jan 15, 2024 | In Horner Automation Cscape versions 9.90 SP10 and prior, local attackers are able to exploit this vulnerability if a user opens a malicious CSP file, which would result in execution of arbitrary code on affected installations of Cscape. | ||
| CVE-2023-32203 | Hig | 0.51 | 7.8 | 0.00 | Jun 6, 2023 | Horner Automation Cscape lacks proper validation of user-supplied data when parsing project files (e.g., HMI). This could lead to an out-of-bounds write at CScape_EnvisionRV+0x2e374b. An attacker could leverage this vulnerability to execute arbitrary code in the context of the… | ||
| CVE-2023-31278 | Hig | 0.51 | 7.8 | 0.00 | Jun 6, 2023 | Horner Automation Cscape lacks proper validation of user-supplied data when parsing project files (e.g., HMI). This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to potentially execute arbitrary code in the context of the current process. | ||
| CVE-2023-31244 | Hig | 0.51 | 7.8 | 0.00 | Jun 6, 2023 | The affected product does not properly validate user-supplied data. If a user opens a maliciously formed CSP file, then an attacker could execute arbitrary code within the current process by accessing an uninitialized pointer. | ||
| CVE-2023-29503 | Hig | 0.51 | 7.8 | 0.00 | Jun 6, 2023 | The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). This could lead to a stack-based buffer overflow. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. … | ||
| CVE-2023-28653 | Hig | 0.51 | 7.8 | 0.00 | Jun 6, 2023 | The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). This could lead to a use-after-free vulnerability. An attacker could leverage this vulnerability to execute arbitrary code in the context of the… | ||
| CVE-2023-27916 | Hig | 0.51 | 7.8 | 0.00 | Jun 6, 2023 | The affected application lacks proper validation of user-supplied data when parsing font files (e.g., FNT). This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to potentially execute arbitrary code in the context of the current… | ||
| CVE-2023-32539 | Hig | 0.51 | 7.8 | 0.00 | Jun 6, 2023 | Horner Automation Cscape lacks proper validation of user-supplied data when parsing project files (e.g., HMI). This could lead to an out-of-bounds write at CScape_EnvisionRV+0x2e3c04. An attacker could leverage this vulnerability to potentially execute arbitrary code in the… | ||
| CVE-2023-32289 | Hig | 0.51 | 7.8 | 0.00 | Jun 6, 2023 | The affected application lacks proper validation of user-supplied data when parsing project files (e.g.., CSP). This could lead to an out-of-bounds read in IO_CFG. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current… | ||
| CVE-2023-32281 | Hig | 0.51 | 7.8 | 0.00 | Jun 6, 2023 | The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). This could lead to an out-of-bounds read in the FontManager. An attacker could leverage this vulnerability to execute arbitrary code in the context of the… | ||
| CVE-2023-32545 | Hig | 0.51 | 7.8 | 0.00 | Jun 6, 2023 | The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). This could lead to an out-of-bounds read in Cscape!CANPortMigration. An attacker could leverage this vulnerability to execute arbitrary code in the context… | ||
| CVE-2023-0623 | Hig | 0.51 | 7.8 | 0.00 | Mar 9, 2023 | Cscape Envision RV version 4.60 is vulnerable to an out-of-bounds write vulnerability when parsing project (i.e. HMI) files. The product lacks proper validation of user-supplied data, which could result in writes past the end of allocated data structures. An attacker could… | ||
| CVE-2023-0622 | Hig | 0.51 | 7.8 | 0.00 | Mar 9, 2023 | Cscape Envision RV version 4.60 is vulnerable to an out-of-bounds write vulnerability when parsing project (i.e. HMI) files. The product lacks proper validation of user-supplied data, which could result in writes past the end of allocated data structures. An attacker could… | ||
| CVE-2023-0621 | Hig | 0.51 | 7.8 | 0.00 | Mar 9, 2023 | Cscape Envision RV version 4.60 is vulnerable to an out-of-bounds read vulnerability when parsing project (i.e. HMI) files. The product lacks proper validation of user-supplied data, which could result in reads past the end of allocated data structures. An attacker could… | ||
| CVE-2022-3377 | Hig | 0.51 | 7.8 | 0.00 | Nov 15, 2022 | Horner Automation's Cscape version 9.90 SP 6 and prior does not properly validate user-supplied data. If a user opens a maliciously formed FNT file, then an attacker could execute arbitrary code within the current process by accessing an uninitialized pointer, leading to an… |
- risk 0.64cvss 9.8epss 0.01
Horner Automation’s RCC 972 with firmware version 15.40 has a static encryption key on the device. This could allow an attacker to perform unauthorized changes to the device, remotely execute arbitrary code, or cause a denial-of-service condition.
- risk 0.55cvss —epss 0.00
Horner Automation Cscape version 10.0 (10.0.415.2) SP1 is vulnerable to an out-of-bounds read vulnerability that could allow an attacker to disclose information and execute arbitrary code on affected installations of Cscape.
- risk 0.51cvss 7.8epss 0.00
Horner Automation Cscape versions prior to 10.2 SP3 are vulnerable to an Out-of-Bounds Read vulnerability through parsing CSP files. Successful exploitation of this vulnerability could allow an attacker to disclose information and execute arbitrary code.
- risk 0.51cvss 7.8epss 0.00
Horner Automation Cscape contains a memory corruption vulnerability, which could allow an attacker to disclose information and execute arbitrary code.
- risk 0.51cvss 7.8epss 0.00
The vulnerability occurs in the parsing of CSP files. The issues result from the lack of proper validation of user-supplied data, which could allow reading past the end of allocated data structures, resulting in execution of arbitrary code.
- risk 0.51cvss 7.8epss 0.00
In Horner Automation Cscape versions 9.90 SP10 and prior, local attackers are able to exploit this vulnerability if a user opens a malicious CSP file, which would result in execution of arbitrary code on affected installations of Cscape.
- risk 0.51cvss 7.8epss 0.00
Horner Automation Cscape lacks proper validation of user-supplied data when parsing project files (e.g., HMI). This could lead to an out-of-bounds write at CScape_EnvisionRV+0x2e374b. An attacker could leverage this vulnerability to execute arbitrary code in the context of the…
- risk 0.51cvss 7.8epss 0.00
Horner Automation Cscape lacks proper validation of user-supplied data when parsing project files (e.g., HMI). This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to potentially execute arbitrary code in the context of the current process.
- risk 0.51cvss 7.8epss 0.00
The affected product does not properly validate user-supplied data. If a user opens a maliciously formed CSP file, then an attacker could execute arbitrary code within the current process by accessing an uninitialized pointer.
- risk 0.51cvss 7.8epss 0.00
The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). This could lead to a stack-based buffer overflow. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process. …
- risk 0.51cvss 7.8epss 0.00
The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). This could lead to a use-after-free vulnerability. An attacker could leverage this vulnerability to execute arbitrary code in the context of the…
- risk 0.51cvss 7.8epss 0.00
The affected application lacks proper validation of user-supplied data when parsing font files (e.g., FNT). This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to potentially execute arbitrary code in the context of the current…
- risk 0.51cvss 7.8epss 0.00
Horner Automation Cscape lacks proper validation of user-supplied data when parsing project files (e.g., HMI). This could lead to an out-of-bounds write at CScape_EnvisionRV+0x2e3c04. An attacker could leverage this vulnerability to potentially execute arbitrary code in the…
- risk 0.51cvss 7.8epss 0.00
The affected application lacks proper validation of user-supplied data when parsing project files (e.g.., CSP). This could lead to an out-of-bounds read in IO_CFG. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current…
- risk 0.51cvss 7.8epss 0.00
The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). This could lead to an out-of-bounds read in the FontManager. An attacker could leverage this vulnerability to execute arbitrary code in the context of the…
- risk 0.51cvss 7.8epss 0.00
The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). This could lead to an out-of-bounds read in Cscape!CANPortMigration. An attacker could leverage this vulnerability to execute arbitrary code in the context…
- risk 0.51cvss 7.8epss 0.00
Cscape Envision RV version 4.60 is vulnerable to an out-of-bounds write vulnerability when parsing project (i.e. HMI) files. The product lacks proper validation of user-supplied data, which could result in writes past the end of allocated data structures. An attacker could…
- risk 0.51cvss 7.8epss 0.00
Cscape Envision RV version 4.60 is vulnerable to an out-of-bounds write vulnerability when parsing project (i.e. HMI) files. The product lacks proper validation of user-supplied data, which could result in writes past the end of allocated data structures. An attacker could…
- risk 0.51cvss 7.8epss 0.00
Cscape Envision RV version 4.60 is vulnerable to an out-of-bounds read vulnerability when parsing project (i.e. HMI) files. The product lacks proper validation of user-supplied data, which could result in reads past the end of allocated data structures. An attacker could…
- risk 0.51cvss 7.8epss 0.00
Horner Automation's Cscape version 9.90 SP 6 and prior does not properly validate user-supplied data. If a user opens a maliciously formed FNT file, then an attacker could execute arbitrary code within the current process by accessing an uninitialized pointer, leading to an…