CVE-2023-7206 - Vulnerability Details - OpenCVE

In Horner Automation Cscape versions 9.90 SP10 and prior, local attackers are able to exploit this vulnerability if a user opens a malicious CSP file, which would result in execution of arbitrary code on affected installations of Cscape.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Hornerautomation	Cscape

Configuration 1 [-]

OR	cpe:2.3:a:hornerautomation:cscape::::::::
	cpe:2.3:a:hornerautomation:cscape:9.90:-::::::
	cpe:2.3:a:hornerautomation:cscape:9.90:sp1::::::
	cpe:2.3:a:hornerautomation:cscape:9.90:sp10::::::
	cpe:2.3:a:hornerautomation:cscape:9.90:sp2::::::
	cpe:2.3:a:hornerautomation:cscape:9.90:sp3::::::
	cpe:2.3:a:hornerautomation:cscape:9.90:sp4::::::
	cpe:2.3:a:hornerautomation:cscape:9.90:sp5::::::
	cpe:2.3:a:hornerautomation:cscape:9.90:sp6::::::
	cpe:2.3:a:hornerautomation:cscape:9.90:sp7::::::
	cpe:2.3:a:hornerautomation:cscape:9.90:sp7.1::::::
	cpe:2.3:a:hornerautomation:cscape:9.90:sp8::::::
	cpe:2.3:a:hornerautomation:cscape:9.90:sp9::::::

No data.

References

Link	Providers
https://hornerautomation.com/cscape-software/
https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-04

History

Wed, 13 Nov 2024 22:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2024-01-15T22:22:01.676Z

Updated: 2024-11-13T21:23:40.535Z

Reserved: 2024-01-04T14:30:55.707Z

Link: CVE-2023-7206

Vulnrichment

Updated: 2024-08-02T08:57:35.091Z

NVD

Status : Modified

Published: 2024-01-15T23:15:07.807

Modified: 2024-11-21T08:45:30.470

Link: CVE-2023-7206

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-7206", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2024-01-04T14:30:55.707Z", "datePublished": "2024-01-15T22:22:01.676Z", "dateUpdated": "2024-11-13T21:23:40.535Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Cscape", "vendor": "Horner Automation", "versions": [{"lessThanOrEqual": "9.90 SP10", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Michael Heinzl reported this vulnerability to CISA."}], "datePublic": "2024-01-11T18:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">In Horner Automation Cscape versions 9.90 SP10 and prior, local attackers are able to exploit this vulnerability if a user opens a malicious CSP file, which would result in execution of arbitrary code on affected installations of Cscape.</span>\n\n"}], "value": "\nIn Horner Automation Cscape versions 9.90 SP10 and prior, local attackers are able to exploit this vulnerability if a user opens a malicious CSP file, which would result in execution of arbitrary code on affected installations of Cscape.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-121", "description": "CWE-121 Stack-Based Buffer Overflow", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2024-01-15T22:22:01.676Z"}, "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-04"}, {"url": "https://hornerautomation.com/cscape-software/"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Horner Automation recommends users to apply </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://hornerautomation.com/cscape-software/\">v9.90 SP11</a><span style=\"background-color: rgb(255, 255, 255);\"> or the latest version of their software.</span>\n\n<br>"}], "value": "\nHorner Automation recommends users to apply v9.90 SP11 https://hornerautomation.com/cscape-software/ \u00a0or the latest version of their software.\n\n\n"}], "source": {"advisory": "ICSA-24-011-04", "discovery": "EXTERNAL"}, "title": "Horner Automation Cscape Stack-Based Buffer Overflow", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:57:35.091Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-04", "tags": ["x_transferred"]}, {"url": "https://hornerautomation.com/cscape-software/", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-01-22T19:32:51.008554Z", "id": "CVE-2023-7206", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-13T21:23:40.535Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-04", "tags": ["x_transferred"]}, {"url": "https://hornerautomation.com/cscape-software/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:57:35.091Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-7206", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-01-22T19:32:51.008554Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-13T21:23:13.976Z"}}], "cna": {"title": "Horner Automation Cscape Stack-Based Buffer Overflow", "source": {"advisory": "ICSA-24-011-04", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Michael Heinzl reported this vulnerability to CISA."}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Horner Automation", "product": "Cscape", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "9.90 SP10"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "\nHorner Automation recommends users to apply v9.90 SP11 https://hornerautomation.com/cscape-software/ \u00a0or the latest version of their software.\n\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">Horner Automation recommends users to apply </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://hornerautomation.com/cscape-software/\">v9.90 SP11</a><span style=\"background-color: rgb(255, 255, 255);\"> or the latest version of their software.</span>\n\n<br>", "base64": false}]}], "datePublic": "2024-01-11T18:00:00.000Z", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-04"}, {"url": "https://hornerautomation.com/cscape-software/"}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "\nIn Horner Automation Cscape versions 9.90 SP10 and prior, local attackers are able to exploit this vulnerability if a user opens a malicious CSP file, which would result in execution of arbitrary code on affected installations of Cscape.\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\n<span style=\"background-color: rgb(255, 255, 255);\">In Horner Automation Cscape versions 9.90 SP10 and prior, local attackers are able to exploit this vulnerability if a user opens a malicious CSP file, which would result in execution of arbitrary code on affected installations of Cscape.</span>\n\n", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "CWE-121 Stack-Based Buffer Overflow"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2024-01-15T22:22:01.676Z"}}}, "cveMetadata": {"cveId": "CVE-2023-7206", "state": "PUBLISHED", "dateUpdated": "2024-11-13T21:23:40.535Z", "dateReserved": "2024-01-04T14:30:55.707Z", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "datePublished": "2024-01-15T22:22:01.676Z", "assignerShortName": "icscert"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hornerautomation:cscape:*:*:*:*:*:*:*:*", "matchCriteriaId": "EE2DC26D-983D-42DF-A903-1AFC1430EB07", "versionEndExcluding": "9.90", "vulnerable": true}, {"criteria": "cpe:2.3:a:hornerautomation:cscape:9.90:-:*:*:*:*:*:*", "matchCriteriaId": "F3037FE7-0230-48F0-8665-3F63F4D57AFF", "vulnerable": true}, {"criteria": "cpe:2.3:a:hornerautomation:cscape:9.90:sp1:*:*:*:*:*:*", "matchCriteriaId": "419F775A-9EC9-4C78-9834-D241D18E67AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:hornerautomation:cscape:9.90:sp10:*:*:*:*:*:*", "matchCriteriaId": "05F0FEE9-B508-48FD-85DD-6B1CA1C386BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:hornerautomation:cscape:9.90:sp2:*:*:*:*:*:*", "matchCriteriaId": "A20012C0-21A9-42BD-AF6A-CC193A3631FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:hornerautomation:cscape:9.90:sp3:*:*:*:*:*:*", "matchCriteriaId": "D62ADB7C-09CC-4A36-BD7C-235029100510", "vulnerable": true}, {"criteria": "cpe:2.3:a:hornerautomation:cscape:9.90:sp4:*:*:*:*:*:*", "matchCriteriaId": "35C25D54-A7DD-43D0-8A4C-EF274B8EAB65", "vulnerable": true}, {"criteria": "cpe:2.3:a:hornerautomation:cscape:9.90:sp5:*:*:*:*:*:*", "matchCriteriaId": "289190F6-E74B-4869-B47B-734A965A0C3F", "vulnerable": true}, {"criteria": "cpe:2.3:a:hornerautomation:cscape:9.90:sp6:*:*:*:*:*:*", "matchCriteriaId": "B4EEABB9-4AD6-4F42-975D-5D4A50047EA6", "vulnerable": true}, {"criteria": "cpe:2.3:a:hornerautomation:cscape:9.90:sp7:*:*:*:*:*:*", "matchCriteriaId": "DEB9CAB3-BB31-4344-88AE-E161776E7D4F", "vulnerable": true}, {"criteria": "cpe:2.3:a:hornerautomation:cscape:9.90:sp7.1:*:*:*:*:*:*", "matchCriteriaId": "A4C0B423-D6B9-4B7D-BB08-BFA2701313F4", "vulnerable": true}, {"criteria": "cpe:2.3:a:hornerautomation:cscape:9.90:sp8:*:*:*:*:*:*", "matchCriteriaId": "F9866251-8120-422D-9764-E4D7F8A5EE51", "vulnerable": true}, {"criteria": "cpe:2.3:a:hornerautomation:cscape:9.90:sp9:*:*:*:*:*:*", "matchCriteriaId": "CE1F918C-F6D6-43D5-A98C-55DB1D3C4AF9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "\nIn Horner Automation Cscape versions 9.90 SP10 and prior, local attackers are able to exploit this vulnerability if a user opens a malicious CSP file, which would result in execution of arbitrary code on affected installations of Cscape.\n\n"}, {"lang": "es", "value": "En las versiones 9.90 SP10 y anteriores de Horner Automation Cscape, los atacantes locales pueden aprovechar esta vulnerabilidad si un usuario abre un archivo CSP malicioso, lo que resultar\u00eda en la ejecuci\u00f3n de c\u00f3digo arbitrario en las instalaciones afectadas de Cscape."}], "id": "CVE-2023-7206", "lastModified": "2024-11-21T08:45:30.470", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-01-15T23:15:07.807", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Product"], "url": "https://hornerautomation.com/cscape-software/"}, {"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-04"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://hornerautomation.com/cscape-software/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-04"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-121"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}