Horner Automation Cscape Csfont
Plan Patch · 7.8 · ICS-CERT ICSA-22-146-02 · May 26, 2022
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
Cscape Csfont contains buffer overflow and out-of-bounds memory access vulnerabilities (CWE-787, CWE-125, CWE-122) in its file parsing logic. Successful exploitation allows arbitrary code execution on the affected workstation when a user opens a specially crafted file. These vulnerabilities are not remotely exploitable and require user interaction to trigger. Horner Automation has released Cscape Csfont version 9.90 SP6 as a fix.
What this means
What could happen
An attacker could execute arbitrary code on an engineering workstation running Cscape Csfont by tricking a user into opening a malicious file, potentially compromising control logic design, modification, and deployment capabilities.
Who's at risk
Engineering and technical staff at industrial facilities using Horner Automation Cscape Csfont for control system design and configuration. This affects automation engineers, integrators, and maintenance personnel who use the software on workstations.
How it could be exploited
The attacker crafts a malicious file and delivers it to an engineer via email or file sharing. When the engineer opens the file in Cscape Csfont, the buffer overflow or memory corruption vulnerabilities in the font parsing code are triggered, allowing code execution on the workstation with the user's privileges.
Prerequisites
- User must open a malicious file in Cscape Csfont
- Vulnerability present in Cscape Csfont version 9.90 SP5 or earlier
buffer overflow vulnerability · local code execution · user interaction required · social engineering attack vector · low EPSS score but high CVSS impact
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (1)
| Product | Affected Versions | Fix Status |
|---|---|---|
| Cscape Csfont | ≤ 9.90 SP5 (v9.90.196) | 9.90 SP6 |
Remediation & Mitigation
Do now
WORKAROUND: Do not open unsolicited file attachments or files from untrusted sources, especially in engineering software
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Update Cscape Csfont to version 9.90 SP6 or later
Long-term hardening
HARDENING: Implement email security controls to filter malicious attachments and educate staff on phishing and social engineering
API:
/api/v1/advisories/0ed282f3-8385-40ca-a69b-5b199fa87754