Horner Automation Cscape
Plan Patch
7.8
ICS-CERT ICSA-24-345-05
Dec 10, 2024
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary
Horner Automation Cscape v10.0.363.1 and earlier contains a buffer overflow vulnerability (CWE-125) that allows local attackers with user interaction to disclose sensitive information or execute arbitrary code on an engineering workstation. The vulnerability requires local access to the machine running Cscape and is triggered when a user opens a malicious project file or performs a specific action within the application. Successful exploitation could allow an attacker to modify control logic, steal credentials, or alter settings before uploading changes to PLCs and field devices.
What this means
What could happen
An attacker with local access to a machine running Cscape could read sensitive information or execute arbitrary code on the engineering workstation, potentially modifying control logic, alarms, or setpoints before uploading changes to PLCs and other control devices.
Who's at risk
Engineering teams and OT personnel at water utilities, electric utilities, and industrial facilities who use Horner Automation Cscape for programming PLCs and control systems. This affects any organization relying on Cscape v10.0.363.1 or earlier as their primary engineering platform.
How it could be exploited
An attacker must have local access to the Windows machine running Cscape (e.g., via USB, shared machine, or compromised user account). They would then exploit a buffer overflow or similar memory corruption flaw to execute code within the Cscape application context. This code could be used to modify project files, steal credentials, or alter control logic before deployment.
Prerequisites
- Local access to the Windows machine running Cscape
- User interaction required (the vulnerability is triggered by opening a malicious file or performing a specific action)
- Cscape version 10.0.363.1 or earlier
- Local access required (reduces risk for remote attackers)
- User interaction needed
- Buffer overflow / memory corruption (CWE-125)
- Affects engineering workstations (key to control system integrity)
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product    Affected Versions    Fix Status
Cscape     <= 10.0.363.1        10 SP1 or later
Remediation & Mitigation
Do now
- HARDENING: Restrict local access to engineering workstations running Cscape; limit to authorized personnel only and require login authentication
- WORKAROUND: Educate users not to open project files from untrusted sources on engineering workstations
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Update Cscape to version 10 SP1 or later
Long-term hardening
- HARDENING: Isolate engineering workstations from business networks and the Internet using a firewall or air-gap; only allow connections to the process network when needed for programming
CVEs (2)
API:
/api/v1/advisories/1d7826d4-da09-4746-bfa6-85fa627eb697