CVE-2024-12212 HIGH

CVE-2024-12212: Horner Automation Cscape Out-of-bounds Read

Vendor Horner Automation
Product Cscape
Weakness CWE-125
Published December 13, 2024
Last update December 13, 2024

CVSS base score

7.8/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

The vulnerability occurs in the parsing of CSP files. It results from a lack of proper validation of user-supplied data, which could allow reading past the end of allocated data structures, resulting in execution of arbitrary code.

Key dates

02 Disclosure timeline

December 13, 2024 CVE published
December 13, 2024 Record updated