Описание
Cscape, 9.80 SP4 and prior. An improper input validation vulnerability may be exploited by processing specially crafted POC files. This may allow an attacker to read confidential information and remotely execute arbitrary code.
Ссылки
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryUS Government Resource
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1Версия до 9.80 (исключая)
Одно из
cpe:2.3:a:hornerautomation:cscape:*:*:*:*:*:*:*:*
cpe:2.3:a:hornerautomation:cscape:9.80:-:*:*:*:*:*:*
cpe:2.3:a:hornerautomation:cscape:9.80:sp1:*:*:*:*:*:*
cpe:2.3:a:hornerautomation:cscape:9.80:sp2:*:*:*:*:*:*
cpe:2.3:a:hornerautomation:cscape:9.80:sp3:*:*:*:*:*:*
cpe:2.3:a:hornerautomation:cscape:9.80:sp4:*:*:*:*:*:*
EPSS
Процентиль: 42%
0.00204
Низкий
7.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-20
CWE-20
Связанные уязвимости
CVSS3: 7.8
github
больше 3 лет назад
Cscape, 9.80 SP4 and prior. An improper input validation vulnerability may be exploited by processing specially crafted POC files. This may allow an attacker to read confidential information and remotely execute arbitrary code.
EPSS
Процентиль: 42%
0.00204
Низкий
7.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-20
CWE-20