Horner Automation Cscape

Plan Patch | CVSS 7.8 | ICS-CERT ICSA-24-345-05 | Dec 10, 2024
Horner Automation
Attack path
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

Horner Automation Cscape versions 10.0.363.1 and earlier contain vulnerabilities that allow disclosure of information and arbitrary code execution via a local attack vector with user interaction. The vulnerabilities are not remotely exploitable. Successful exploitation could compromise engineering data, control logic, or the integrity of configured industrial control systems.

What this means
What could happen
An attacker with local access to a workstation running Cscape could read sensitive information or execute arbitrary code, potentially compromising engineering designs, configurations, or the integrity of control systems configured in Cscape.
Who's at risk
Engineering staff and automation specialists who use Horner Automation Cscape for configuring PLCs, RTUs, and other industrial controllers in water treatment, power distribution, manufacturing, and other process industries.
How it could be exploited
An attacker with physical or local network access to an engineering workstation running vulnerable Cscape software could trigger the vulnerability through user interaction (e.g., opening a malicious file or project), leading to code execution with the privileges of the Cscape user. The attacker could then extract configurations, modify control logic, or compromise the workstation itself.
Prerequisites
  • Local access to workstation running Cscape
  • User interaction required (opening file or project)
  • Cscape version 10.0.363.1 or earlier
Tags: local access required, user interaction required, affects control system configuration tool, information disclosure possible, arbitrary code execution possible
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (1)
Product | Affected Versions | Fix Status
Cscape | ≤ 10.0.363.1 | 10 SP1+
Remediation & Mitigation
Do now
HARDENING: Restrict physical and local network access to engineering workstations running Cscape to authorized personnel only
WORKAROUND: Train personnel to avoid opening suspicious files or projects in Cscape from untrusted sources
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update Cscape to version 10 SP1 or later
Long-term hardening
HARDENING: Implement network segmentation to isolate engineering workstations from business networks and untrusted network segments

Horner Automation Cscape | CVSS 7.8 - OTPulse