Skip to main content

Cscape CVE-2026-12897

| EUVDEUVD-2026-39509 HIGH
Out-of-bounds Read (CWE-125)
2026-06-25 icscert GHSA-xm98-9qfh-q6g4
8.4
CVSS 4.0 · Vendor: icscert
Share

Severity by source

Vendor (icscert) PRIMARY
8.4 HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from Vendor (icscert) · only source for this CVE.

CVSS VectorVendor: icscert

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
X

Lifecycle Timeline

2
Patch available
Jun 25, 2026 - 20:03 EUVD
Analysis Generated
Jun 25, 2026 - 18:56 vuln.today

DescriptionCVE.org

Horner Automation Cscape versions prior to 10.2 SP3 are vulnerable to an Out-of-Bounds Read vulnerability through parsing CSP files. Successful exploitation of this vulnerability could allow an attacker to disclose information and execute arbitrary code.

AnalysisAI

Out-of-bounds read in Horner Automation Cscape prior to 10.2 SP3 lets an attacker who supplies a malicious CSP project file disclose memory contents and, per the advisory, achieve arbitrary code execution within the engineering workstation. Cscape is the configuration/programming environment for Horner OCS controllers, so the target is the engineer's PC rather than the PLC itself. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Recommended ActionAI

Within 24 hours: Identify all Cscape installations and versions in use; disable import of CSP project files from external or untrusted sources; restrict to internal project repositories only. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

More in Cscape

View all
CVE-2023-32203 HIGH
7.8 Jun 06

Horner Automation Cscape lacks proper validation of user-supplied data when parsing project files (e.g., HMI). Rated hig

CVE-2023-31278 HIGH
7.8 Jun 06

Horner Automation Cscape lacks proper validation of user-supplied data when parsing project files (e.g., HMI). Rated hig

CVE-2023-31244 HIGH
7.8 Jun 06

The affected product does not properly validate user-supplied data. Rated high severity (CVSS 7.8), this vulnerability i

CVE-2023-29503 HIGH
7.8 Jun 06

The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). Rated hig

CVE-2023-28653 HIGH
7.8 Jun 06

The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). Rated hig

CVE-2023-27916 HIGH
7.8 Jun 06

The affected application lacks proper validation of user-supplied data when parsing font files (e.g., FNT). Rated high s

CVE-2023-32539 HIGH
7.8 Jun 06

Horner Automation Cscape lacks proper validation of user-supplied data when parsing project files (e.g., HMI). Rated hig

CVE-2023-32289 HIGH
7.8 Jun 06

The affected application lacks proper validation of user-supplied data when parsing project files (e.g.., CSP). Rated hi

CVE-2023-32281 HIGH
7.8 Jun 06

The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). Rated hig

CVE-2023-32545 HIGH
7.8 Jun 06

The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). Rated hig

CVE-2022-3377 HIGH
7.8 Nov 15

Horner Automation's Cscape version 9.90 SP 6 and prior does not properly validate user-supplied data. Rated high severit

CVE-2022-3379 HIGH
7.8 Oct 27

Horner Automation's Cscape version 9.90 SP7 and prior does not properly validate user-supplied data. Rated high severity

Share

CVE-2026-12897 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy