Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Horner Automation Cscape EnvisionRV Improper Input Validation
Vulnerability Description
This vulnerability can be exploited by parsing maliciously crafted project files with Horner Automation Cscape EnvisionRV v4.50.3.1 and prior. The issues result from the lack of proper validation of user-supplied data, which can result in reads and writes past the end of allocated data structures. User interaction is required to exploit this vulnerability as an attacker must trick a valid user to open a malicious HMI project file.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
输入验证不恰当
Vulnerability Title
Horner Automation Cscape 输入验证错误漏洞
Vulnerability Description
Horner Automation Cscape是美国Horner Automation公司的一套用于工业控制系统开发的编程软件。 Horner Automation Cscape EnvisionRV存在输入验证错误漏洞,该漏洞可通过解析恶意制作的项目文件加以利用。这些问题是由于对用户提供的数据缺乏适当的验证,这可能导致读取和写入超过分配的数据结构的末尾。利用这个漏洞需要用户交互,因为攻击者可利用该漏洞必须欺骗有效用户来打开一个恶意的HMI项目文件。
CVSS Information
N/A
Vulnerability Type
N/A