CVE-2019-13541

HIGH

Horner Automation Cscape <9.90 - RCE

Title source: llm
STIX 2.1

Description

In Horner Automation Cscape 9.90 and prior, an improper input validation vulnerability has been identified that may be exploited by processing files lacking user input validation. This may allow an attacker to access information and remotely execute arbitrary code.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry x_refsource_misc
https://www.zerodayinitiative.com/advisories/ZDI-19-902/
Mitigation, Third Party Advisory, US Government Resource x_refsource_misc
https://www.us-cert.gov/ics/advisories/icsa-19-290-02

Scores

CVSS v3 7.8
EPSS 0.0194
EPSS Percentile 77.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-20 CWE-787
Status published
Products (1)
hornerautomation/cscape < 9.90
Published Oct 18, 2019
Tracked Since Feb 18, 2026