Skip to main content

Cscape

28 CVEs product

Monthly

CVE-2026-12897 HIGH PATCH CISA This Week

Out-of-bounds read in Horner Automation Cscape prior to 10.2 SP3 lets an attacker who supplies a malicious CSP project file disclose memory contents and, per the advisory, achieve arbitrary code execution within the engineering workstation. Cscape is the configuration/programming environment for Horner OCS controllers, so the target is the engineer's PC rather than the PLC itself. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

RCE Buffer Overflow Information Disclosure Cscape
NVD
CVSS 4.0
8.4
EPSS
0.1%
CVE-2023-32203 HIGH This Week

Horner Automation Cscape lacks proper validation of user-supplied data when parsing project files (e.g., HMI). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Cscape Cscape Envisionrv
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-31278 HIGH This Week

Horner Automation Cscape lacks proper validation of user-supplied data when parsing project files (e.g., HMI). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Cscape Cscape Envisionrv
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-31244 HIGH This Week

The affected product does not properly validate user-supplied data. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Cscape Cscape Envisionrv
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-29503 HIGH This Week

The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow RCE Cscape Cscape Envisionrv
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-28653 HIGH This Week

The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Cscape Cscape Envisionrv
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-27916 HIGH This Week

The affected application lacks proper validation of user-supplied data when parsing font files (e.g., FNT). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Cscape Cscape Envisionrv
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-32539 HIGH This Week

Horner Automation Cscape lacks proper validation of user-supplied data when parsing project files (e.g., HMI). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Cscape Cscape Envisionrv
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-32289 HIGH This Week

The affected application lacks proper validation of user-supplied data when parsing project files (e.g.., CSP). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Cscape Cscape Envisionrv
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-32281 HIGH This Week

The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Cscape Cscape Envisionrv
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-32545 HIGH This Week

The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Cscape Cscape Envisionrv
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-3377 HIGH PATCH This Week

Horner Automation's Cscape version 9.90 SP 6 and prior does not properly validate user-supplied data. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Memory Corruption Cscape
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-3379 HIGH This Week

Horner Automation's Cscape version 9.90 SP7 and prior does not properly validate user-supplied data. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Cscape
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-3378 HIGH This Week

Horner Automation's Cscape version 9.90 SP 7 and prior does not properly validate user-supplied data. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Cscape
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-30540 HIGH This Week

The affected product is vulnerable to a heap-based buffer overflow via uninitialized pointer, which may allow an attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Heap Overflow Cscape
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2022-29488 HIGH This Week

The affected product is vulnerable to an out-of-bounds read via uninitialized pointer, which may allow an attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Cscape
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-28690 HIGH This Week

The affected product is vulnerable to an out-of-bounds write via uninitialized pointer, which may allow an attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Cscape
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2022-27184 HIGH This Week

The affected product is vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Cscape
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2021-33015 HIGH This Week

Cscape (All Versions prior to 9.90 SP5) lacks proper validation of user-supplied data when parsing project files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Cscape
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-32995 HIGH This Week

Cscape (All Versions prior to 9.90 SP5) lacks proper validation of user-supplied data when parsing project files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Cscape
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-32975 HIGH This Week

Cscape (All Versions prior to 9.90 SP5) lacks proper validation of user-supplied data when parsing project files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Cscape
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-22682 HIGH This Week

Cscape (All versions prior to 9.90 SP4) is configured by default to be installed for all users, which allows full permissions, including read/write access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Cscape
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-22678 HIGH This Week

Cscape (All versions prior to 9.90 SP4) lacks proper validation of user-supplied data when parsing project files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cscape
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2021-22663 HIGH This Week

Cscape (All versions prior to 9.90 SP3.5) lacks proper validation of user-supplied data when parsing project files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Cscape
NVD
CVSS 3.1
7.8
EPSS
1.3%
CVE-2019-13545 HIGH This Week

In Horner Automation Cscape 9.90 and prior, improper validation of data may cause the system to write outside the intended buffer area, which may allow arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption Cscape
NVD
CVSS 3.1
7.8
EPSS
1.9%
CVE-2019-13541 HIGH This Week

In Horner Automation Cscape 9.90 and prior, an improper input validation vulnerability has been identified that may be exploited by processing files lacking user input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Cscape
NVD
CVSS 3.1
7.8
EPSS
1.9%
CVE-2019-6555 HIGH This Week

Cscape, 9.80 SP4 and prior. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Cscape
NVD
CVSS 3.1
7.8
EPSS
1.7%
CVE-2018-19005 HIGH This Week

Cscape, Version 9.80.75.3 SP3 and prior. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Cscape
NVD
CVSS 3.0
7.8
EPSS
1.7%
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Out-of-bounds read in Horner Automation Cscape prior to 10.2 SP3 lets an attacker who supplies a malicious CSP project file disclose memory contents and, per the advisory, achieve arbitrary code execution within the engineering workstation. Cscape is the configuration/programming environment for Horner OCS controllers, so the target is the engineer's PC rather than the PLC itself. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

RCE Buffer Overflow Information Disclosure +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Horner Automation Cscape lacks proper validation of user-supplied data when parsing project files (e.g., HMI). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Horner Automation Cscape lacks proper validation of user-supplied data when parsing project files (e.g., HMI). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The affected product does not properly validate user-supplied data. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Cscape +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow RCE +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The affected application lacks proper validation of user-supplied data when parsing font files (e.g., FNT). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Horner Automation Cscape lacks proper validation of user-supplied data when parsing project files (e.g., HMI). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The affected application lacks proper validation of user-supplied data when parsing project files (e.g.., CSP). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Horner Automation's Cscape version 9.90 SP 6 and prior does not properly validate user-supplied data. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Memory Corruption Cscape
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Horner Automation's Cscape version 9.90 SP7 and prior does not properly validate user-supplied data. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Horner Automation's Cscape version 9.90 SP 7 and prior does not properly validate user-supplied data. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Cscape
NVD
EPSS 1% CVSS 7.8
HIGH This Week

The affected product is vulnerable to a heap-based buffer overflow via uninitialized pointer, which may allow an attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Heap Overflow +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

The affected product is vulnerable to an out-of-bounds read via uninitialized pointer, which may allow an attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

The affected product is vulnerable to an out-of-bounds write via uninitialized pointer, which may allow an attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

The affected product is vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Cscape (All Versions prior to 9.90 SP5) lacks proper validation of user-supplied data when parsing project files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Cscape
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Cscape (All Versions prior to 9.90 SP5) lacks proper validation of user-supplied data when parsing project files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Cscape
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Cscape (All Versions prior to 9.90 SP5) lacks proper validation of user-supplied data when parsing project files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Cscape
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Cscape (All versions prior to 9.90 SP4) is configured by default to be installed for all users, which allows full permissions, including read/write access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Cscape
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Cscape (All versions prior to 9.90 SP4) lacks proper validation of user-supplied data when parsing project files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cscape
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Cscape (All versions prior to 9.90 SP3.5) lacks proper validation of user-supplied data when parsing project files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Cscape
NVD
EPSS 2% CVSS 7.8
HIGH This Week

In Horner Automation Cscape 9.90 and prior, improper validation of data may cause the system to write outside the intended buffer area, which may allow arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Memory Corruption +1
NVD
EPSS 2% CVSS 7.8
HIGH This Week

In Horner Automation Cscape 9.90 and prior, an improper input validation vulnerability has been identified that may be exploited by processing files lacking user input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Cscape
NVD
EPSS 2% CVSS 7.8
HIGH This Week

Cscape, 9.80 SP4 and prior. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Cscape
NVD
EPSS 2% CVSS 7.8
HIGH This Week

Cscape, Version 9.80.75.3 SP3 and prior. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Cscape
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy