CVE-2023-0621
HIGH
Hornerautomation Cscape Envision RV - Out-of-Bounds Read
Title source: ruleDescription
Cscape Envision RV version 4.60 is vulnerable to an out-of-bounds read vulnerability when parsing project (i.e. HMI) files. The product lacks proper validation of user-supplied data, which could result in reads past the end of allocated data structures. An attacker could leverage these vulnerabilities to execute arbitrary code in the context of the current process.
References (1)
Core References
Third Party Advisory, US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-040-04
Scores
CVSS v3
7.8
EPSS
0.0007
EPSS Percentile
20.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-125
Status
published
Products (1)
hornerautomation/cscape_envision_rv
4.60
Published
Mar 09, 2023
Tracked Since
Feb 18, 2026