exploitDog

CVE-2023-0621

Опубликовано: 09 мар. 2023

Источник: nvd

CVSS3: 7.8

EPSS Низкий

Описание

Cscape Envision RV version 4.60 is vulnerable to an out-of-bounds read vulnerability when parsing project (i.e. HMI) files. The product lacks proper validation of user-supplied data, which could result in reads past the end of allocated data structures. An attacker could leverage these vulnerabilities to execute arbitrary code in the context of the current process.

Ссылки

https://www.cisa.gov/news-events/ics-advisories/icsa-23-040-04
Third Party Advisory
US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-040-04
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:hornerautomation:cscape_envision_rv:4.60:*:*:*:*:*:*:*

EPSS

Процентиль: 19%

0.00062

Низкий

7.8 High

CVSS3

Дефекты

CWE-125

Связанные уязвимости

GHSA-x4mq-hj27-xrcr

CVSS3: 7.8

github

почти 3 года назад

Cscape Envision RV version 4.60 is vulnerable to an out-of-bounds read vulnerability when parsing project (i.e. HMI) files. The product lacks proper validation of user-supplied data, which could result in reads past the end of allocated data structures. An attacker could leverage these vulnerabilities to execute arbitrary code in the context of the current process.

EPSS

Процентиль: 19%

0.00062

Низкий

7.8 High

CVSS3

Дефекты

CWE-125