CVE-2021-44462

This vulnerability can be exploited by parsing maliciously crafted project files with Horner Automation Cscape EnvisionRV v4.50.3.1 and prior. The issues result from the lack of proper validation of user-supplied data, which can result in reads and writes past the end of allocated data structures. User interaction is required to exploit this vulnerability as an attacker must trick a valid user to open a malicious HMI project file.
References
Link Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-02 Mitigation Patch Third Party Advisory US Government Resource
https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-02 Mitigation Patch Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

cpe:2.3:a:hornerautomation:cscape_envisionrv:*:*:*:*:*:*:*:*

History

21 Nov 2024, 06:31

Type Values Removed Values Added
References () https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-02 - Mitigation, Patch, Third Party Advisory, US Government Resource () https://www.cisa.gov/uscert/ics/advisories/icsa-21-355-02 - Mitigation, Patch, Third Party Advisory, US Government Resource
CVSS v2 : 5.8
v3 : 7.1
v2 : 5.8
v3 : 7.8

Information

Published : 2022-03-25 19:15

Updated : 2024-11-21 06:31


NVD link : CVE-2021-44462

Mitre link : CVE-2021-44462

CVE.ORG link : CVE-2021-44462


JSON object : View

Products Affected

hornerautomation

  • cscape_envisionrv
CWE
CWE-20

Improper Input Validation