OTPulse

Horner Automation Cscape

Plan Patch
CVSS 7.8
ICS-CERT ICSA-19-290-02
Oct 17, 2019
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

Horner Automation Cscape versions 9.90 and prior contain improper input validation (CWE-20) and out-of-bounds write (CWE-787) vulnerabilities that could crash the device and allow attackers to access information and execute arbitrary code. These vulnerabilities are not remotely exploitable.

What this means
What could happen
An attacker with local access to a Cscape workstation could crash the engineering software or execute arbitrary code on the machine, potentially gaining access to project files, ladder logic, and device configurations used in your automation systems.
Who's at risk
This affects organizations using Horner Automation Cscape for programming and configuring programmable logic controllers (PLCs) and industrial automation devices. Engineering teams and automation technicians who use Cscape are at risk if they interact with untrusted files or data on their workstations.
How it could be exploited
An attacker must be physically present or have local access to a machine running Cscape. They could exploit this by tricking a user into opening a malicious file (e.g., via email or USB) or by manipulating input that Cscape processes without proper validation, causing a crash or code execution on the workstation.
Prerequisites
  • Local access to a Cscape workstation
  • User interaction required (opening a file or accepting input)
  • Cscape version 9.90 or earlier installed
  • local access required (not remotely exploitable)
  • user interaction required
  • no patch available at time of advisory
  • affects engineering workstations
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (1)
Product | Affected Versions | Fix Status
Cscape: 9.90 and prior | ≤ 9.90 | 9.90 SP1 or later
Remediation & Mitigation
Do now
  • WORKAROUND: Restrict file access permissions on Cscape workstations and disable auto-run features for removable media
  • HARDENING: Train engineering staff to avoid opening unsolicited email attachments and to verify the source of files before importing them into Cscape
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HOTFIX: Update Cscape to version 9.90 SP1 or later
Long-term hardening
  • HARDENING: Implement application whitelisting on Cscape workstations to prevent unauthorized code execution
  • HARDENING: Isolate engineering workstations on a separate network segment from production control systems
Horner Automation Cscape | CVSS 7.8 - OTPulse