First published: Fri Apr 23 2021
Cscape (All versions prior to 9.90 SP4) is configured by default to be installed for all users, which allows full permissions, including read/write access. This may allow unprivileged users to modify the binaries and configuration files and lead to local privilege escalation.
Credit: ics-cert@hq.dhs.gov
Affected Software | Affected Version | How to fix |
---|---|---|
Horner Automation Cscape | <9.90 | |
Horner Automation Cscape | =9.90 | |
Horner Automation Cscape | =9.90-sp1 | |
Horner Automation Cscape | =9.90-sp2 | |
Horner Automation Cscape | =9.90-sp3 | |
Horner Automation Cscape SP4 | <9.90 | 9.90 |
The vulnerability ID for this vulnerability is CVE-2021-22682.
The severity of CVE-2021-22682 is high with a CVSS score of 7.8.
The affected software for CVE-2021-22682 is Horner Automation Cscape versions prior to 9.90 SP4.
CVE-2021-22682 is a vulnerability in Horner Automation Cscape versions prior to 9.90 SP4 that allows unprivileged users to modify the binaries and configuration files, leading to local privilege escalation.
Yes, there is a reference to CVE-2021-22682 on the US-CERT website. You can find more information at https://us-cert.cisa.gov/ics/advisories/icsa-21-112-01