CVE-2022-3378
First published: Thu Oct 27 2022(Updated: )
Horner Automation's Cscape version 9.90 SP 7 and prior does not properly validate user-supplied data. If a user opens a maliciously formed FNT file, then an attacker could execute arbitrary code within the current process by accessing an uninitialized pointer, leading to an out-of-bounds memory write.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Horner Automation Cscape | <9.90 | |
| Horner Automation Cscape | =9.90 | |
| Horner Automation Cscape | =9.90-sp1 | |
| Horner Automation Cscape | =9.90-sp2 | |
| Horner Automation Cscape | =9.90-sp3 | |
| Horner Automation Cscape | =9.90-sp4 | |
| Horner Automation Cscape | =9.90-sp5 | |
| Horner Automation Cscape | =9.90-sp6 | |
| Horner Automation Cscape | =9.90-sp7 | |
| Horner Automation Cscape Version 9.90 SP 6 and prior | ||
| Horner Automation Cscape Version 9.90 SP 7 and prior (CVE-2022-3379 and CVE-2022-3378 only) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of Horner Automation's Cscape?
The vulnerability ID of Horner Automation's Cscape is CVE-2022-3378.
What is the severity of CVE-2022-3378?
The severity of CVE-2022-3378 is high with a CVSS score of 7.8.
How does CVE-2022-3378 affect Horner Automation's Cscape?
CVE-2022-3378 allows an attacker to execute arbitrary code within the current process in Horner Automation's Cscape by accessing an uninitialized pointer, leading to an out-of-bounds memory write.
Is Horner Automation's Cscape version 9.90 SP 7 affected by CVE-2022-3378?
Yes, Horner Automation's Cscape version 9.90 SP 7 is affected by CVE-2022-3378.
How can I mitigate CVE-2022-3378 in Horner Automation's Cscape?
To mitigate CVE-2022-3378 in Horner Automation's Cscape, it is recommended to update to a version that properly validates user-supplied data.
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/description
- agent/first-publish-date
- agent/severity
- agent/references
- agent/event
- collector/ics-cert-advisory
- source/ICS
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/trending
- agent/tags
- agent/source
- vendor/hornerautomation
- canonical/horner automation cscape
- version/horner automation cscape/9.90
- version/horner automation cscape/9.90-sp1
- version/horner automation cscape/9.90-sp2
- version/horner automation cscape/9.90-sp3
- version/horner automation cscape/9.90-sp4
- version/horner automation cscape/9.90-sp5
- version/horner automation cscape/9.90-sp6
- version/horner automation cscape/9.90-sp7
- vendor/horner automation
- canonical/horner automation cscape version 9.90 sp 6 and prior
- canonical/horner automation cscape version 9.90 sp 7 and prior (cve-2022-3379 and cve-2022-3378 only)