Horner Automation Cscape
Summary
Horner Automation Cscape versions prior to 10.2 SP3 are vulnerable to an Out-of-Bounds Read vulnerability. Successful exploitation by a local attacker could lead to information disclosure and arbitrary code execution.
IFF Assessment
The vulnerability allows for information disclosure and arbitrary code execution, posing a significant risk to the affected systems.
Severity
The CVSS score of 7.8 (HIGH) reflects the potential for an attacker to disclose information and execute arbitrary code. The vector string indicates a local attack vector (AV:L) with low attack complexity (AC:L) and privileges required (PR:L), a high impact on confidentiality and integrity, and no user interaction needed.
Defender Context
This vulnerability affects industrial control systems (ICS) in the Critical Manufacturing sector, deployed worldwide. Defenders should prioritize patching Horner Automation Cscape to version 10.2 SP3 to mitigate the risk of local attackers exploiting this flaw for information disclosure and code execution.