CVE-2023-0622

HIGH

Cscape Envision RV 4.60 - Out-of-bounds Write via HMI File Parsing

Title source: llm
STIX 2.1

Description

Cscape Envision RV version 4.60 is vulnerable to an out-of-bounds write vulnerability when parsing project (i.e. HMI) files. The product lacks proper validation of user-supplied data, which could result in writes past the end of allocated data structures. An attacker could leverage these vulnerabilities to execute arbitrary code in the context of the current process.

References (1)

Core 1
Core References
Third Party Advisory, US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-040-04

Scores

CVSS v3 7.8
EPSS 0.0023
EPSS Percentile 14.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-787
Status published
Products (1)
hornerautomation/cscape_envision_rv 4.60
Published Mar 09, 2023
Tracked Since Feb 18, 2026