2024-01-16 00:55:28 +00:00
{
"id" : "CVE-2023-7206" ,
"sourceIdentifier" : "ics-cert@hq.dhs.gov" ,
"published" : "2024-01-15T23:15:07.807" ,
2024-12-08 03:06:42 +00:00
"lastModified" : "2024-11-21T08:45:30.470" ,
"vulnStatus" : "Modified" ,
2024-07-14 02:06:08 +00:00
"cveTags" : [ ] ,
2024-01-16 00:55:28 +00:00
"descriptions" : [
{
"lang" : "en" ,
"value" : "\nIn Horner Automation Cscape versions 9.90 SP10 and prior, local attackers are able to exploit this vulnerability if a user opens a malicious CSP file, which would result in execution of arbitrary code on affected installations of Cscape.\n\n"
2024-01-16 15:00:29 +00:00
} ,
{
"lang" : "es" ,
"value" : "En las versiones 9.90 SP10 y anteriores de Horner Automation Cscape, los atacantes locales pueden aprovechar esta vulnerabilidad si un usuario abre un archivo CSP malicioso, lo que resultar\u00eda en la ejecuci\u00f3n de c\u00f3digo arbitrario en las instalaciones afectadas de Cscape."
2024-01-16 00:55:28 +00:00
}
] ,
"metrics" : {
"cvssMetricV31" : [
2024-01-23 21:00:28 +00:00
{
2024-12-08 03:06:42 +00:00
"source" : "ics-cert@hq.dhs.gov" ,
"type" : "Secondary" ,
2024-01-23 21:00:28 +00:00
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" ,
2024-12-08 03:06:42 +00:00
"baseScore" : 7.8 ,
"baseSeverity" : "HIGH" ,
2024-01-23 21:00:28 +00:00
"attackVector" : "LOCAL" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "REQUIRED" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "HIGH" ,
2024-12-08 03:06:42 +00:00
"availabilityImpact" : "HIGH"
2024-01-23 21:00:28 +00:00
} ,
"exploitabilityScore" : 1.8 ,
"impactScore" : 5.9
} ,
2024-01-16 00:55:28 +00:00
{
2024-12-08 03:06:42 +00:00
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
2024-01-16 00:55:28 +00:00
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" ,
2024-12-08 03:06:42 +00:00
"baseScore" : 7.8 ,
"baseSeverity" : "HIGH" ,
2024-01-16 00:55:28 +00:00
"attackVector" : "LOCAL" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "NONE" ,
"userInteraction" : "REQUIRED" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "HIGH" ,
2024-12-08 03:06:42 +00:00
"availabilityImpact" : "HIGH"
2024-01-16 00:55:28 +00:00
} ,
"exploitabilityScore" : 1.8 ,
"impactScore" : 5.9
}
]
} ,
"weaknesses" : [
2024-01-23 21:00:28 +00:00
{
2024-12-08 03:06:42 +00:00
"source" : "ics-cert@hq.dhs.gov" ,
"type" : "Secondary" ,
2024-01-23 21:00:28 +00:00
"description" : [
{
"lang" : "en" ,
2024-12-08 03:06:42 +00:00
"value" : "CWE-121"
2024-01-23 21:00:28 +00:00
}
]
} ,
2024-01-16 00:55:28 +00:00
{
2024-12-08 03:06:42 +00:00
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
2024-01-16 00:55:28 +00:00
"description" : [
{
"lang" : "en" ,
2024-12-08 03:06:42 +00:00
"value" : "CWE-787"
2024-01-16 00:55:28 +00:00
}
]
}
] ,
2024-01-23 21:00:28 +00:00
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:hornerautomation:cscape:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "9.90" ,
"matchCriteriaId" : "EE2DC26D-983D-42DF-A903-1AFC1430EB07"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:hornerautomation:cscape:9.90:-:*:*:*:*:*:*" ,
"matchCriteriaId" : "F3037FE7-0230-48F0-8665-3F63F4D57AFF"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:hornerautomation:cscape:9.90:sp1:*:*:*:*:*:*" ,
"matchCriteriaId" : "419F775A-9EC9-4C78-9834-D241D18E67AE"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:hornerautomation:cscape:9.90:sp10:*:*:*:*:*:*" ,
"matchCriteriaId" : "05F0FEE9-B508-48FD-85DD-6B1CA1C386BA"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:hornerautomation:cscape:9.90:sp2:*:*:*:*:*:*" ,
"matchCriteriaId" : "A20012C0-21A9-42BD-AF6A-CC193A3631FA"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:hornerautomation:cscape:9.90:sp3:*:*:*:*:*:*" ,
"matchCriteriaId" : "D62ADB7C-09CC-4A36-BD7C-235029100510"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:hornerautomation:cscape:9.90:sp4:*:*:*:*:*:*" ,
"matchCriteriaId" : "35C25D54-A7DD-43D0-8A4C-EF274B8EAB65"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:hornerautomation:cscape:9.90:sp5:*:*:*:*:*:*" ,
"matchCriteriaId" : "289190F6-E74B-4869-B47B-734A965A0C3F"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:hornerautomation:cscape:9.90:sp6:*:*:*:*:*:*" ,
"matchCriteriaId" : "B4EEABB9-4AD6-4F42-975D-5D4A50047EA6"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:hornerautomation:cscape:9.90:sp7:*:*:*:*:*:*" ,
"matchCriteriaId" : "DEB9CAB3-BB31-4344-88AE-E161776E7D4F"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:hornerautomation:cscape:9.90:sp7.1:*:*:*:*:*:*" ,
"matchCriteriaId" : "A4C0B423-D6B9-4B7D-BB08-BFA2701313F4"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:hornerautomation:cscape:9.90:sp8:*:*:*:*:*:*" ,
"matchCriteriaId" : "F9866251-8120-422D-9764-E4D7F8A5EE51"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:hornerautomation:cscape:9.90:sp9:*:*:*:*:*:*" ,
"matchCriteriaId" : "CE1F918C-F6D6-43D5-A98C-55DB1D3C4AF9"
}
]
}
]
}
] ,
2024-01-16 00:55:28 +00:00
"references" : [
{
"url" : "https://hornerautomation.com/cscape-software/" ,
2024-01-23 21:00:28 +00:00
"source" : "ics-cert@hq.dhs.gov" ,
"tags" : [
"Product"
]
2024-01-16 00:55:28 +00:00
} ,
{
"url" : "https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-04" ,
2024-01-23 21:00:28 +00:00
"source" : "ics-cert@hq.dhs.gov" ,
"tags" : [
"Third Party Advisory" ,
"US Government Resource"
]
2024-12-08 03:06:42 +00:00
} ,
{
"url" : "https://hornerautomation.com/cscape-software/" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Product"
]
} ,
{
"url" : "https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-04" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Third Party Advisory" ,
"US Government Resource"
]
2024-01-16 00:55:28 +00:00
}
]
}
