Horner Automation Cscape

Plan Patch7.8ICS-CERT ICSA-23-143-04May 31, 2023

Attack VectorLocal

Auth RequiredNone

ComplexityLow

User InteractionRequired

Summary

Multiple buffer overflow and memory corruption vulnerabilities in Horner Automation Cscape and Cscape EnvisionRV software. These vulnerabilities (CWE-121, CWE-125, CWE-416, CWE-824, CWE-787) allow an attacker to disclose information and execute arbitrary code.

What this means

What could happen

An attacker with local access to a machine running Cscape or EnvisionRV could execute arbitrary code to modify control logic, alter process parameters, or crash the engineering workstation, disrupting system development and monitoring.

Who's at risk

Organizations using Horner Automation Cscape or EnvisionRV for automation programming and monitoring. This affects engineering workstations and development environments in manufacturing, water/wastewater, and electric utility control systems.

How it could be exploited

An attacker must have local access to a machine running vulnerable Cscape or EnvisionRV software. Exploitation likely involves opening a malicious file or project that triggers a buffer overflow in the application, allowing code execution with the privileges of the user running the software.

Prerequisites

Local access to Cscape or EnvisionRV machine
User interaction to open malicious file or project
Cscape v9.90 SP8 or earlier, or EnvisionRV v4.70 or earlier

local access requireduser interaction requiredmemory corruption vulnerabilitiesinformation disclosure possiblearbitrary code execution possible

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (2)

2 with fix

ProductAffected VersionsFix Status

Cscape: v9.90 SP8v9.90 SP89.90 SP9

Cscape EnvisionRV: v4.70v4.704.80

Remediation & Mitigation

0/4

Do now

0/1

HARDENINGDo not click web links or open attachments in unsolicited email on engineering workstations

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpdate Cscape to v9.90 SP9 or later

HOTFIXUpdate Cscape EnvisionRV to v4.80 or later

Long-term hardening

0/1

HARDENINGRestrict physical and network access to engineering workstations running Cscape or EnvisionRV to authorized personnel only

CVEs (10)

CVE-2023-29503 CVE-2023-32281 CVE-2023-32289 CVE-2023-32545 CVE-2023-27916 CVE-2023-28653 CVE-2023-31244 CVE-2023-32203 CVE-2023-32539 CVE-2023-31278

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/1f1103cd-95ee-4cc7-9bd3-296296fb6438