CVE-2023-0622

Cscape Envision RV version 4.60 is vulnerable to an out-of-bounds write vulnerability when parsing project (i.e. HMI) files. The product lacks proper validation of user-supplied data, which could result in writes past the end of allocated data structures. An attacker could leverage these vulnerabilities to execute arbitrary code in the context of the current process.
References
Link Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-040-04 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

cpe:2.3:a:hornerautomation:cscape_envision_rv:4.60:*:*:*:*:*:*:*

History

07 Nov 2023, 04:01

Type Values Removed Values Added
CWE CWE-787

Information

Published : 2023-03-09 22:15

Updated : 2024-02-28 19:51


NVD link : CVE-2023-0622

Mitre link : CVE-2023-0622

CVE.ORG link : CVE-2023-0622


JSON object : View

Products Affected

hornerautomation

  • cscape_envision_rv
CWE

No CWE.