CVE-2019-13541: Horner Automation Cscape CSP File Parsing Memory Corruption Remote Code Execution Vulnerability
First published: Fri Oct 18 2019(Updated: )
In Horner Automation Cscape 9.90 and prior, an improper input validation vulnerability has been identified that may be exploited by processing files lacking user input validation. This may allow an attacker to access information and remotely execute arbitrary code.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Horner Automation Cscape | <=9.90 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-13541?
CVE-2019-13541 is a vulnerability that allows remote attackers to execute arbitrary code on affected installations of Horner Automation Cscape.
How does CVE-2019-13541 work?
CVE-2019-13541 works by exploiting a memory corruption flaw within the parsing of Cscape CSP files in Horner Automation Cscape.
What is the severity of CVE-2019-13541?
CVE-2019-13541 has a severity rating of 7.8, indicating a high severity.
Who is affected by CVE-2019-13541?
Horner Automation Cscape versions up to and including 9.90 are affected by CVE-2019-13541.
How can CVE-2019-13541 be fixed?
To fix CVE-2019-13541, users should apply the necessary security updates or patches provided by Horner Automation.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/title
- agent/tags
- agent/first-publish-date
- agent/description
- agent/event
- collector/zdi-advisory
- source/ZDI
- alias/ZDI-19-902
- alias/ZDI-CAN-8444
- alias/CVE-2019-13541
- agent/software-canonical-lookup
- vendor/hornerautomation
- canonical/horner automation cscape
- version/horner automation cscape/9.90
- vendor/horner automation