CVE-2023-7206

In Horner Automation Cscape versions 9.90 SP10 and prior, local attackers are able to exploit this vulnerability if a user opens a malicious CSP file, which would result in execution of arbitrary code on affected installations of Cscape.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://hornerautomation.com/cscape-software/	Product
https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-04	Third Party Advisory US Government Resource
https://hornerautomation.com/cscape-software/	Product
https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-04	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:hornerautomation:cscape::::::::
	cpe:2.3:a:hornerautomation:cscape:9.90:-::::::
	cpe:2.3:a:hornerautomation:cscape:9.90:sp1::::::
	cpe:2.3:a:hornerautomation:cscape:9.90:sp10::::::
	cpe:2.3:a:hornerautomation:cscape:9.90:sp2::::::
	cpe:2.3:a:hornerautomation:cscape:9.90:sp3::::::
	cpe:2.3:a:hornerautomation:cscape:9.90:sp4::::::
	cpe:2.3:a:hornerautomation:cscape:9.90:sp5::::::
	cpe:2.3:a:hornerautomation:cscape:9.90:sp6::::::
	cpe:2.3:a:hornerautomation:cscape:9.90:sp7::::::
	cpe:2.3:a:hornerautomation:cscape:9.90:sp7.1::::::
	cpe:2.3:a:hornerautomation:cscape:9.90:sp8::::::
	cpe:2.3:a:hornerautomation:cscape:9.90:sp9::::::

History

No history.

Information

Published : 2024-01-15 23:15

Updated : 2024-11-21 08:45

NVD link : CVE-2023-7206

Mitre link : CVE-2023-7206

CVE.ORG link : CVE-2023-7206

JSON object : View

Products Affected

hornerautomation

cscape

CWE

CWE-121

Stack-based Buffer Overflow

CWE-787

Out-of-bounds Write

{"id": "CVE-2023-7206", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2024-01-15T23:15:07.807", "references": [{"url": "https://hornerautomation.com/cscape-software/", "tags": ["Product"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-04", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://hornerautomation.com/cscape-software/", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-04", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-121"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "\nIn Horner Automation Cscape versions 9.90 SP10 and prior, local attackers are able to exploit this vulnerability if a user opens a malicious CSP file, which would result in execution of arbitrary code on affected installations of Cscape.\n\n"}, {"lang": "es", "value": "En las versiones 9.90 SP10 y anteriores de Horner Automation Cscape, los atacantes locales pueden aprovechar esta vulnerabilidad si un usuario abre un archivo CSP malicioso, lo que resultar\u00eda en la ejecuci\u00f3n de c\u00f3digo arbitrario en las instalaciones afectadas de Cscape."}], "lastModified": "2024-11-21T08:45:30.470", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hornerautomation:cscape:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE2DC26D-983D-42DF-A903-1AFC1430EB07", "versionEndExcluding": "9.90"}, {"criteria": "cpe:2.3:a:hornerautomation:cscape:9.90:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F3037FE7-0230-48F0-8665-3F63F4D57AFF"}, {"criteria": "cpe:2.3:a:hornerautomation:cscape:9.90:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "419F775A-9EC9-4C78-9834-D241D18E67AE"}, {"criteria": "cpe:2.3:a:hornerautomation:cscape:9.90:sp10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "05F0FEE9-B508-48FD-85DD-6B1CA1C386BA"}, {"criteria": "cpe:2.3:a:hornerautomation:cscape:9.90:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A20012C0-21A9-42BD-AF6A-CC193A3631FA"}, {"criteria": "cpe:2.3:a:hornerautomation:cscape:9.90:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D62ADB7C-09CC-4A36-BD7C-235029100510"}, {"criteria": "cpe:2.3:a:hornerautomation:cscape:9.90:sp4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "35C25D54-A7DD-43D0-8A4C-EF274B8EAB65"}, {"criteria": "cpe:2.3:a:hornerautomation:cscape:9.90:sp5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "289190F6-E74B-4869-B47B-734A965A0C3F"}, {"criteria": "cpe:2.3:a:hornerautomation:cscape:9.90:sp6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B4EEABB9-4AD6-4F42-975D-5D4A50047EA6"}, {"criteria": "cpe:2.3:a:hornerautomation:cscape:9.90:sp7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEB9CAB3-BB31-4344-88AE-E161776E7D4F"}, {"criteria": "cpe:2.3:a:hornerautomation:cscape:9.90:sp7.1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A4C0B423-D6B9-4B7D-BB08-BFA2701313F4"}, {"criteria": "cpe:2.3:a:hornerautomation:cscape:9.90:sp8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F9866251-8120-422D-9764-E4D7F8A5EE51"}, {"criteria": "cpe:2.3:a:hornerautomation:cscape:9.90:sp9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE1F918C-F6D6-43D5-A98C-55DB1D3C4AF9"}], "operator": "OR"}]}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}