CVE-2021-22678

HIGH

Cscape <9.90 SP4 - Memory Corruption

Title source: llm

Description

Cscape (all versions prior to 9.90 SP4) lacks proper validation of user-supplied data when parsing project files. This could lead to memory corruption. An attacker could leverage this vulnerability to execute code in the context of the current process.

References (1)

Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://us-cert.cisa.gov/ics/advisories/icsa-21-112-01

Scores

CVSS v3 7.8
EPSS 0.0103
EPSS Percentile 59.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-20 CWE-787
Status published
Products (2)
hornerautomation/cscape 9.90 (4 CPE variants)
hornerautomation/cscape < 9.90
Published Apr 23, 2021
Tracked Since Feb 18, 2026