exploitDog

CVE-2023-0623

Опубликовано: 09 мар. 2023

Источник: nvd

CVSS3: 7.8

EPSS Низкий

Описание

Cscape Envision RV version 4.60 is vulnerable to an out-of-bounds write vulnerability when parsing project (i.e. HMI) files. The product lacks proper validation of user-supplied data, which could result in writes past the end of allocated data structures. An attacker could leverage these vulnerabilities to execute arbitrary code in the context of the current process.

Ссылки

https://www.cisa.gov/news-events/ics-advisories/icsa-23-040-04
Third Party Advisory
US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-23-040-04
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:hornerautomation:cscape_envision_rv:4.60:*:*:*:*:*:*:*

EPSS

Процентиль: 15%

0.00047

Низкий

7.8 High

CVSS3

Дефекты

CWE-787

Связанные уязвимости

GHSA-5373-c736-5hgm

CVSS3: 7.8

github

почти 3 года назад

Cscape Envision RV version 4.60 is vulnerable to an out-of-bounds write vulnerability when parsing project (i.e. HMI) files. The product lacks proper validation of user-supplied data, which could result in writes past the end of allocated data structures. An attacker could leverage these vulnerabilities to execute arbitrary code in the context of the current process.

EPSS

Процентиль: 15%

0.00047

Низкий

7.8 High

CVSS3

Дефекты

CWE-787