CVE-2021-44462 HIGH

CVE-2021-44462: Horner Automation Cscape EnvisionRV Improper Input Validation

Vendor Horner Automation
Product Cscape EnvisionRV
Weakness CWE-20 · Input validation
Published March 25, 2022
Last update April 16, 2025

CVSS base score

7.8/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity High
Availability High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

This vulnerability can be exploited when Horner Automation Cscape EnvisionRV v4.50.3.1 and prior parses a maliciously crafted project file. The issue results from the lack of proper validation of user-supplied data, which can result in reads and writes past the end of allocated data structures. User interaction is required to exploit this vulnerability, as an attacker must trick a valid user into opening a malicious HMI project file.

Key dates

02 Disclosure timeline

March 25, 2022 CVE published
April 16, 2025 Record updated